5ffdfbbdeb618327161cac14e2126158de5043d7c24b2b2d35f97d8ee8f48aa0

Analysis

max time kernel
157s
max time network
129s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19-03-2024 19:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d6f37f0fcb338dc2bd02ebf12b50b000.exe
Size

184KB
MD5

d6f37f0fcb338dc2bd02ebf12b50b000
SHA1

3fa331e2cba1ecb843ed71a22ca23f0fb9b7339d
SHA256

5ffdfbbdeb618327161cac14e2126158de5043d7c24b2b2d35f97d8ee8f48aa0
SHA512

6c9fadc3a22d36087c28296984cf729679c73e0c211564b6ccaaba73060840f1fb00f88ab7b256e5ac287070640beec1147b5be392e5f6168e236fb050ff5669
SSDEEP

3072:Mw2doJInfUAKSOjadaN8zz19pjYWPZdztuqxxsdxP7lXvpFt:MwsomlKSJdy8zzDFfG7lXvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 61 IoCs

pid	Process
1360	Unicorn-29201.exe
2524	Unicorn-25200.exe
2664	Unicorn-25754.exe
2416	Unicorn-42387.exe
2916	Unicorn-32081.exe
2956	Unicorn-38857.exe
1952	Unicorn-13689.exe
760	Unicorn-14244.exe
536	Unicorn-60752.exe
2720	Unicorn-46505.exe
308	Unicorn-51144.exe
2220	Unicorn-21809.exe
1640	Unicorn-25893.exe
1988	Unicorn-6027.exe
2016	Unicorn-62130.exe
1768	Unicorn-2514.exe
2136	Unicorn-29925.exe
2224	Unicorn-32333.exe
532	Unicorn-19090.exe
2460	Unicorn-19090.exe
1756	Unicorn-12867.exe
1064	Unicorn-5322.exe
2312	Unicorn-51015.exe
2940	Unicorn-16589.exe
2612	Unicorn-59567.exe
2796	Unicorn-31856.exe
2640	Unicorn-53900.exe
2988	Unicorn-13381.exe
2436	Unicorn-24456.exe
2492	Unicorn-57875.exe
2880	Unicorn-16672.exe
1912	Unicorn-56121.exe
868	Unicorn-14533.exe
2580	Unicorn-64289.exe
1216	Unicorn-47974.exe
2708	Unicorn-54004.exe
2752	Unicorn-64865.exe
2764	Unicorn-50475.exe
1368	Unicorn-19194.exe
1076	Unicorn-16371.exe
1916	Unicorn-34330.exe
1548	Unicorn-27253.exe
1560	Unicorn-6448.exe
1564	Unicorn-13225.exe
2208	Unicorn-39889.exe
672	Unicorn-37751.exe
684	Unicorn-13801.exe
932	Unicorn-43781.exe
1552	Unicorn-23915.exe
1484	Unicorn-33475.exe
2192	Unicorn-38135.exe
1336	Unicorn-23745.exe
1744	Unicorn-3879.exe
1792	Unicorn-35997.exe
2820	Unicorn-42027.exe
2412	Unicorn-18077.exe
1060	Unicorn-29151.exe
1372	Unicorn-3023.exe
1616	Unicorn-22375.exe
1092	Unicorn-29151.exe
1608	Unicorn-49017.exe

Loads dropped DLL 64 IoCs

pid	Process
2860	d6f37f0fcb338dc2bd02ebf12b50b000.exe
2860	d6f37f0fcb338dc2bd02ebf12b50b000.exe
1360	Unicorn-29201.exe
1360	Unicorn-29201.exe
2860	d6f37f0fcb338dc2bd02ebf12b50b000.exe
2860	d6f37f0fcb338dc2bd02ebf12b50b000.exe
2664	Unicorn-25754.exe
2524	Unicorn-25200.exe
2664	Unicorn-25754.exe
2524	Unicorn-25200.exe
1360	Unicorn-29201.exe
1360	Unicorn-29201.exe
2416	Unicorn-42387.exe
2416	Unicorn-42387.exe
2664	Unicorn-25754.exe
2664	Unicorn-25754.exe
2956	Unicorn-38857.exe
2956	Unicorn-38857.exe
1952	Unicorn-13689.exe
1952	Unicorn-13689.exe
2416	Unicorn-42387.exe
2416	Unicorn-42387.exe
536	Unicorn-60752.exe
536	Unicorn-60752.exe
760	Unicorn-14244.exe
2956	Unicorn-38857.exe
2956	Unicorn-38857.exe
760	Unicorn-14244.exe
308	Unicorn-51144.exe
308	Unicorn-51144.exe
1640	Unicorn-25893.exe
1640	Unicorn-25893.exe
2220	Unicorn-21809.exe
2220	Unicorn-21809.exe
1988	Unicorn-6027.exe
1988	Unicorn-6027.exe
2016	Unicorn-62130.exe
2136	Unicorn-29925.exe
2016	Unicorn-62130.exe
2136	Unicorn-29925.exe
2224	Unicorn-32333.exe
2224	Unicorn-32333.exe
1768	Unicorn-2514.exe
1768	Unicorn-2514.exe
532	Unicorn-19090.exe
532	Unicorn-19090.exe
1756	Unicorn-12867.exe
1756	Unicorn-12867.exe
2460	Unicorn-19090.exe
2460	Unicorn-19090.exe
1064	Unicorn-5322.exe
1064	Unicorn-5322.exe
1768	Unicorn-2514.exe
1768	Unicorn-2514.exe
2720	Unicorn-46505.exe
2720	Unicorn-46505.exe
2312	Unicorn-51015.exe
2312	Unicorn-51015.exe
532	Unicorn-19090.exe
532	Unicorn-19090.exe
2940	Unicorn-16589.exe
2940	Unicorn-16589.exe
1756	Unicorn-12867.exe
1756	Unicorn-12867.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1536	1916	WerFault.exe	69

Suspicious use of SetWindowsHookEx 54 IoCs

pid	Process
2860	d6f37f0fcb338dc2bd02ebf12b50b000.exe
1360	Unicorn-29201.exe
2524	Unicorn-25200.exe
2664	Unicorn-25754.exe
2916	Unicorn-32081.exe
2416	Unicorn-42387.exe
2956	Unicorn-38857.exe
1952	Unicorn-13689.exe
760	Unicorn-14244.exe
536	Unicorn-60752.exe
2720	Unicorn-46505.exe
308	Unicorn-51144.exe
1640	Unicorn-25893.exe
2220	Unicorn-21809.exe
1988	Unicorn-6027.exe
2016	Unicorn-62130.exe
2136	Unicorn-29925.exe
1768	Unicorn-2514.exe
2224	Unicorn-32333.exe
532	Unicorn-19090.exe
1756	Unicorn-12867.exe
2460	Unicorn-19090.exe
1064	Unicorn-5322.exe
2312	Unicorn-51015.exe
2940	Unicorn-16589.exe
2612	Unicorn-59567.exe
2796	Unicorn-31856.exe
2640	Unicorn-53900.exe
2988	Unicorn-13381.exe
2436	Unicorn-24456.exe
2492	Unicorn-57875.exe
2880	Unicorn-16672.exe
1912	Unicorn-56121.exe
868	Unicorn-14533.exe
1216	Unicorn-47974.exe
2580	Unicorn-64289.exe
2708	Unicorn-54004.exe
2752	Unicorn-64865.exe
2764	Unicorn-50475.exe
1368	Unicorn-19194.exe
1916	Unicorn-34330.exe
1076	Unicorn-16371.exe
1548	Unicorn-27253.exe
1560	Unicorn-6448.exe
1564	Unicorn-13225.exe
2208	Unicorn-39889.exe
672	Unicorn-37751.exe
932	Unicorn-43781.exe
1484	Unicorn-33475.exe
1552	Unicorn-23915.exe
684	Unicorn-13801.exe
1744	Unicorn-3879.exe
1336	Unicorn-23745.exe
2192	Unicorn-38135.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2860 wrote to memory of 1360	2860	d6f37f0fcb338dc2bd02ebf12b50b000.exe	27
PID 2860 wrote to memory of 1360	2860	d6f37f0fcb338dc2bd02ebf12b50b000.exe	27
PID 2860 wrote to memory of 1360	2860	d6f37f0fcb338dc2bd02ebf12b50b000.exe	27
PID 2860 wrote to memory of 1360	2860	d6f37f0fcb338dc2bd02ebf12b50b000.exe	27
PID 1360 wrote to memory of 2524	1360	Unicorn-29201.exe	28
PID 1360 wrote to memory of 2524	1360	Unicorn-29201.exe	28
PID 1360 wrote to memory of 2524	1360	Unicorn-29201.exe	28
PID 1360 wrote to memory of 2524	1360	Unicorn-29201.exe	28
PID 2860 wrote to memory of 2664	2860	d6f37f0fcb338dc2bd02ebf12b50b000.exe	29
PID 2860 wrote to memory of 2664	2860	d6f37f0fcb338dc2bd02ebf12b50b000.exe	29
PID 2860 wrote to memory of 2664	2860	d6f37f0fcb338dc2bd02ebf12b50b000.exe	29
PID 2860 wrote to memory of 2664	2860	d6f37f0fcb338dc2bd02ebf12b50b000.exe	29
PID 2664 wrote to memory of 2416	2664	Unicorn-25754.exe	30
PID 2664 wrote to memory of 2416	2664	Unicorn-25754.exe	30
PID 2664 wrote to memory of 2416	2664	Unicorn-25754.exe	30
PID 2664 wrote to memory of 2416	2664	Unicorn-25754.exe	30
PID 2524 wrote to memory of 2916	2524	Unicorn-25200.exe	31
PID 2524 wrote to memory of 2916	2524	Unicorn-25200.exe	31
PID 2524 wrote to memory of 2916	2524	Unicorn-25200.exe	31
PID 2524 wrote to memory of 2916	2524	Unicorn-25200.exe	31
PID 1360 wrote to memory of 2956	1360	Unicorn-29201.exe	32
PID 1360 wrote to memory of 2956	1360	Unicorn-29201.exe	32
PID 1360 wrote to memory of 2956	1360	Unicorn-29201.exe	32
PID 1360 wrote to memory of 2956	1360	Unicorn-29201.exe	32
PID 2416 wrote to memory of 1952	2416	Unicorn-42387.exe	33
PID 2416 wrote to memory of 1952	2416	Unicorn-42387.exe	33
PID 2416 wrote to memory of 1952	2416	Unicorn-42387.exe	33
PID 2416 wrote to memory of 1952	2416	Unicorn-42387.exe	33
PID 2664 wrote to memory of 760	2664	Unicorn-25754.exe	34
PID 2664 wrote to memory of 760	2664	Unicorn-25754.exe	34
PID 2664 wrote to memory of 760	2664	Unicorn-25754.exe	34
PID 2664 wrote to memory of 760	2664	Unicorn-25754.exe	34
PID 2956 wrote to memory of 536	2956	Unicorn-38857.exe	35
PID 2956 wrote to memory of 536	2956	Unicorn-38857.exe	35
PID 2956 wrote to memory of 536	2956	Unicorn-38857.exe	35
PID 2956 wrote to memory of 536	2956	Unicorn-38857.exe	35
PID 1952 wrote to memory of 2720	1952	Unicorn-13689.exe	36
PID 1952 wrote to memory of 2720	1952	Unicorn-13689.exe	36
PID 1952 wrote to memory of 2720	1952	Unicorn-13689.exe	36
PID 1952 wrote to memory of 2720	1952	Unicorn-13689.exe	36
PID 2416 wrote to memory of 308	2416	Unicorn-42387.exe	37
PID 2416 wrote to memory of 308	2416	Unicorn-42387.exe	37
PID 2416 wrote to memory of 308	2416	Unicorn-42387.exe	37
PID 2416 wrote to memory of 308	2416	Unicorn-42387.exe	37
PID 536 wrote to memory of 2220	536	Unicorn-60752.exe	38
PID 536 wrote to memory of 2220	536	Unicorn-60752.exe	38
PID 536 wrote to memory of 2220	536	Unicorn-60752.exe	38
PID 536 wrote to memory of 2220	536	Unicorn-60752.exe	38
PID 2956 wrote to memory of 1988	2956	Unicorn-38857.exe	40
PID 2956 wrote to memory of 1988	2956	Unicorn-38857.exe	40
PID 2956 wrote to memory of 1988	2956	Unicorn-38857.exe	40
PID 2956 wrote to memory of 1988	2956	Unicorn-38857.exe	40
PID 760 wrote to memory of 1640	760	Unicorn-14244.exe	39
PID 760 wrote to memory of 1640	760	Unicorn-14244.exe	39
PID 760 wrote to memory of 1640	760	Unicorn-14244.exe	39
PID 760 wrote to memory of 1640	760	Unicorn-14244.exe	39
PID 308 wrote to memory of 2016	308	Unicorn-51144.exe	41
PID 308 wrote to memory of 2016	308	Unicorn-51144.exe	41
PID 308 wrote to memory of 2016	308	Unicorn-51144.exe	41
PID 308 wrote to memory of 2016	308	Unicorn-51144.exe	41
PID 1640 wrote to memory of 1768	1640	Unicorn-25893.exe	44
PID 1640 wrote to memory of 1768	1640	Unicorn-25893.exe	44
PID 1640 wrote to memory of 1768	1640	Unicorn-25893.exe	44
PID 1640 wrote to memory of 1768	1640	Unicorn-25893.exe	44

C:\Users\Admin\AppData\Local\Temp\d6f37f0fcb338dc2bd02ebf12b50b000.exe
"C:\Users\Admin\AppData\Local\Temp\d6f37f0fcb338dc2bd02ebf12b50b000.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29201.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29201.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25200.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25200.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32081.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38857.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38857.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60752.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21809.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29925.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59567.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14533.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37751.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62722.exe
        11⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15702.exe
        12⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12130.exe
        10⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13801.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64289.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33475.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6027.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32333.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12867.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16589.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16672.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6448.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49017.exe
        10⤵
        Executes dropped EXE
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16406.exe
        9⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13225.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62722.exe
        9⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20549.exe
        10⤵
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56121.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39889.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25754.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25754.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42387.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42387.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13689.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46505.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13381.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19194.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35997.exe
        8⤵
        Executes dropped EXE
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22220.exe
        9⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18077.exe
        7⤵
        Executes dropped EXE
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12188.exe
        8⤵
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50475.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23745.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-325.exe
        8⤵
        
        PID:1068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51144.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62130.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51015.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24456.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16371.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22375.exe
        10⤵
        Executes dropped EXE
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29151.exe
        9⤵
        Executes dropped EXE
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20170.exe
        10⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34330.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 240
        9⤵
        Program crash
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27253.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3023.exe
        9⤵
        Executes dropped EXE
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34205.exe
        10⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29151.exe
        8⤵
        Executes dropped EXE
        
        PID:1060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14244.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14244.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25893.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2514.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5322.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31856.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54004.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38135.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3879.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64865.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42027.exe
        8⤵
        Executes dropped EXE
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53900.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47974.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43781.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23915.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11721.exe
        8⤵
        
        PID:2676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-29925.exe

Filesize
184KB

MD5
7b33c276531d42c7dd0c6a737265f6dc

SHA1
d9d2a790d116153fca65b7da8bab92ce080ecb3c

SHA256
3e4a54ac206c19c6f83467f7f38109e87602ba6be13e2cb19b77744c5ddc4077

SHA512
fccedfcc62de07aae76bde08aeb69330f74128ff58fefc64c7319d3e34523d171aec11b44c0e9ed13b1ac62e14e91edfa434be2ce3f1076e79a32aa4efca0281

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6027.exe

Filesize
184KB

MD5
d755529f84c7aeb61f2735c8ae909e0e

SHA1
d84026ac256a6d7c2fc3e4dae162bc157498876f

SHA256
a57402f5a86a575d6f91b80c992ece5ff805e4ca02436097d0658d7f0fee4707

SHA512
eb115ce34b07ca5b685f79d6a13610d29260187cd0d3f781df1ee74a6966f8d24a30108d9165903ab05c7d0006d02cb1be09a9d41a6893d47f0907a68ce78a5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60752.exe

Filesize
184KB

MD5
e8162b93c372ad4ed5c2b47b3e61307c

SHA1
e9697c4af2a49e47fdb2cbe7e45ce1fcaecdd0f1

SHA256
96dadaeb6b8c464e708f3b06361a77bfc09e65be9ff38f91a16e7f96d6a26346

SHA512
c9ef86ba15247b4c07d294dfffba3c66132942ed3c29e59a24873c26e677d252f0e68502ef000d9d7323ba0d223790c97e07d164f9263e52bd1e7047155eb4ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62130.exe

Filesize
92KB

MD5
654a8d80299bab908ba0805336da410d

SHA1
77bbc7ed7d2f685f997b445cc0527750e9516b07

SHA256
370a822cfa306b04896312ecbab7d22d632ea651831267fd5e13f5c6cd4d6796

SHA512
c14728ba40798976fd52e8c26b23103cb63f6cd796b7b73b72a6dba63c67cb2be1ae1d06037a753b9252d6f54e0b6a631b0359717c894910739e2d11498acf8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6448.exe

Filesize
184KB

MD5
c02a5fc9518b74404191a4962bfd4eca

SHA1
814c1435dfdc080c097a7ce0b8e11bf52b393be1

SHA256
ef112b6dd8fe5bee9d403421844381475287c88755e28356a53398f6c6c7334d

SHA512
a932eba137accc46f665c1d80cd40eb03d3a0979906221c9d1a7a12ef3490d9e54362dcd4aef412ebf8bed80d96bc4ab84d9e8c96ec99774ef9d63f043793ee9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13689.exe

Filesize
184KB

MD5
0c63e3e9a2b07baad480bc624be2fbd9

SHA1
0a8607ba9d7026000d3e09cf6e48fcf8c66e4813

SHA256
e6df28ffcc1c98b61f0bb8c32d0bd3ebb489ef6a2a7a4d8548e586593cf6b5ef

SHA512
145b56eb1981c16622fbef51e5e0a4d4cc66270347246b9a72db602f53b87b67cda2e7d71b27524adaa9c4cd8860c04be2e130815eb9d7687cdd50268be09c34

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14244.exe

Filesize
184KB

MD5
2afcc84176a7cdff368eeaaba2652840

SHA1
3268cafdd7b1cbebb3c5a148d39c5a07ea1ece24

SHA256
fa734e4a127015e4e3211824d49fbe1d173c5787bd5d3857e6ac3a4da189a6b8

SHA512
59bcabd6694c09d5a78b936af2bcd0ca2a7e48723bed1e69210830351140d99780be8d63ec6d843698b3bf0ea86a378cc906a35a86e3b91a00d639372b30d84c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21809.exe

Filesize
184KB

MD5
fac0dc60ab007fc7d7f38c22e9d33355

SHA1
3365a9e8776fbd6bdeaccfc34302f262bc7b73ef

SHA256
f8c8f7782fd05cddf6733f65d424261120249d3a3ad11062df5df7d57b3401d8

SHA512
3275766c2d508899f923b63c170f38954a6fe19e70abd57705ac24cf65161e4dce46758b3809670b89c0fb1ced782279de4221b9463c32dff90aa9786612c09a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2514.exe

Filesize
184KB

MD5
dfacb80ef0471c2a1d29232fc43bceed

SHA1
64e77c2c6c904e72e61deb036d093fc188488acc

SHA256
eeeb6d63f5dbcaa875b98acbec1a8e1496fad9d8f2bbfe770ddbfea01b1902da

SHA512
6a5cb92828a7afeeb2882207d2e52d8e476829daf2d46e546424f5193ce55746a0b499840406b9500beaf77f3ee0b1603221e12dbd3317a8a90ea52d8d0d1bf5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25200.exe

Filesize
184KB

MD5
135b3d9e4587d4f081a3170c572dd240

SHA1
58c983e7ed390db37ca2e18accde349059e22df5

SHA256
9eab558240e42a49ad369db40cdfef0737306a0f24afcf07a1ab4bf3325007b5

SHA512
0f599089237df7faf033acd51ab6b10427a8e2954ca51d52089883d5c0c2b47eb3a9077e46e6053073aa234af9a9ced661fdf81204e9e8eda594cbc5b4ca6690

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25754.exe

Filesize
184KB

MD5
1d5362030720e5b0b4d03f4c106fedba

SHA1
a6d85313155b93c19f2f66d05c72a239a7f3a7ff

SHA256
197881ff8ba043d304171725e42d598309ea844462f81e7c3ea46f7bcf9b4236

SHA512
22d5f64d3f1622e5fd09858fb03abcf6f80546dfb5df4f84459a0b4998ba9f33a435daa618adce6b3696c18435ed78a178c207c171b34e4700ccbe2dbb9a3663

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25893.exe

Filesize
184KB

MD5
1dc37161b5ae6926e09cbe296aede279

SHA1
3bbe5dccc68b6513fe3e88941105008dbece20b3

SHA256
e76a0b6486470e64bf25a1b8302a372fa8c27dbd2b295ca163596d688284deff

SHA512
c4b9713c3f2078a9b5f9b06aefa842e760c16db95a3385e8ed9024c54610b7607b22defe4d9525591f070f8723d0cf3306e461c07fe668c08fdcc2da6cc01611

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29201.exe

Filesize
184KB

MD5
61ffd10831a2854ecdeb0cd647bb111d

SHA1
3fc053b0d6584f25f3a664fb2ae6b7e0a81fc70a

SHA256
c355fc0ef3808a91db2d2052f702634e3ae5aa5057cc56afb05599a617642d53

SHA512
a804a76a28d335978ce519f70d3be3a7758790cd84e344ac6a8d92742e10a3a13ad3096249bd905e8c37a29f30542b98cd13fa42312c8d94056da6a7e527f025

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32081.exe

Filesize
184KB

MD5
305543925c2aee92a0fee89b925cae97

SHA1
3df66f52f6181aedc13f124c6b162c5316270894

SHA256
21c6ee35dcd8bfaddea2909b57b1a26a8decd3aca65705f8eb972e63fdd6acb3

SHA512
2cc3a071f7b15debacdd175aab6b56de7b8a50ce7e80447908cc553dcd8407e237279b9dfbbac8d49753f1d5ad2600f7f491e92023e8a625655eb70cd735686d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32333.exe

Filesize
184KB

MD5
cae1629810774095daa8fbeac855f762

SHA1
07f313d5309facb5b04d9dd2aeff1c7ecbe25e7f

SHA256
5421987a18963888072b7b831397c52a7c50542bb1664c06ed33811169848ad0

SHA512
ac8759e8d04baf30adf234cc7774b0eb6db1a6a04504bdddc004a187212e72332def4bbf49673a13d7e2b73b65aef1e0d9996c2610b6bfc4cfd3e56c63fb1c6f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38857.exe

Filesize
184KB

MD5
d1f5cae9afd677d7bb3bc3cb62bd4e44

SHA1
bad3e8970f9041728db96298ed949f9319687c3a

SHA256
8e1e31fb8f43afc4feea4254fa6eb0a90ba357a533924c193c0054239a925378

SHA512
620eec0c2aa0ba0ff9e3d9251a055d982f18bf9a6667567afec7a8480bbe02da790835e888546353d817ddd72197d6b0f360ca7126e6f180fec847966ed19ed0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42387.exe

Filesize
184KB

MD5
85645f9b60ca16e3db73208ab9d6f930

SHA1
37de1b6bb4ddfc51d5cada1f876ebe63c792f094

SHA256
c446157e91b477d9d61c924fb8a93e2dae705497e2cf72124f6c52470460fbca

SHA512
dff56560f03419136108f1ca1b608ae0161ddeb87c6b8484a1f34b903813862184e1050b1e2726fc4862f572417abf71592e8c19ffa1345e01dbd2a78ac3010d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46505.exe

Filesize
184KB

MD5
da5fead7a8ca321b16fce829f7e509b0

SHA1
f9a072355f9db9341fc3bd44f1c8697873e6fd47

SHA256
e7009f73107f3a8b02f438da3e2eee4f18073764a92186248d8c316f8332996a

SHA512
866929034ce33d2205eb2ecd9dc1237eb47f5c9e7a57a689eaf00f881dce74a0f0ac38d92972a18498c7e218d48688e41b931052cd65deaf046143413d80c99f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46505.exe

Filesize
128KB

MD5
73a6abcfd67d7be90c24d805233e3bdc

SHA1
66b3492b3e60920869b3da12cf8c6e9e00ecc01a

SHA256
fd4fae18e83e4cc852bc4d381d446b98fafdd8a3407783b45470673e852a638f

SHA512
167c6c7632de0aa454f5a2bea8e1eaa43728e5801fa449fa2a580cd7b3a27814befe1300c3e883fd1d88237746a93f4551019cf4526ced84a0e4fdbcc0f5f42a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51144.exe

Filesize
184KB

MD5
1c6fc0a7d5e40dc3fcf3c52ed1327fab

SHA1
5b82804178ba25aa81f2d598c7f568962998dc10

SHA256
3efaa701ddf1a633587b1329d561594866d0a50e918b59b7303e04a3d5c76a8a

SHA512
a10513608077e9df9ff13145dd7f6c3a740c86faea4e7c5a6e96beda3fc79f02aab0b5704386e9abf8c37c6617f4ec8e79a94a5cfee28e83cc21a8e9ad7c95ab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62130.exe

Filesize
184KB

MD5
f9ccce14f8a18aca6ab4139728b273bd

SHA1
7463cfc68aeedfd0a6f8bc6385740770f766467b

SHA256
59a2f29c5cfab52f874e8017553267e5a83051099a50b15fb476ed5691393bf2

SHA512
4bf2b43e6038584ba25d9e21aab28129e5e787107ffa0fb0a555c457a07d626967db2b0cf58500f27dd73b7211aa91dad478eb8d86ef999c36c6f416764b7143

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads