0f5428a3da9012298293f53e62671f561cd96dc775826a4896320776b74e2dc2

Analysis

max time kernel
146s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19-04-2024 18:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0f5428a3da9012298293f53e62671f561cd96dc775826a4896320776b74e2dc2.exe
Size

184KB
MD5

8974b95a436f8f6a41fdf85808b3331c
SHA1

7b8061653d16ce26a9ce99ebcaa315c30afd0c0a
SHA256

0f5428a3da9012298293f53e62671f561cd96dc775826a4896320776b74e2dc2
SHA512

13d040029ca07e0fa86fc8bf2e1bf4c9943ceba91cdb9114fe5e197558f68d5c2e2905ffa6c07676b134129d4765d90e22da777e28d9aba5e148284fbe91419c
SSDEEP

3072:Ey976QAoYbAusdZ3tMjl8p77IlvxqsviuN:Ey9aosYZ388Z7IlJqsviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 13 IoCs

pid	Process
2036	Unicorn-10334.exe
3032	Unicorn-62633.exe
2576	Unicorn-46852.exe
2800	Unicorn-44818.exe
1604	Unicorn-38688.exe
2388	Unicorn-20169.exe
2396	Unicorn-303.exe
2972	Unicorn-37081.exe
2732	Unicorn-2005.exe
2888	Unicorn-12659.exe
2936	Unicorn-64361.exe
1908	Unicorn-41632.exe
764	Unicorn-8859.exe

Loads dropped DLL 26 IoCs

pid	Process
2012	0f5428a3da9012298293f53e62671f561cd96dc775826a4896320776b74e2dc2.exe
2012	0f5428a3da9012298293f53e62671f561cd96dc775826a4896320776b74e2dc2.exe
2036	Unicorn-10334.exe
2036	Unicorn-10334.exe
2012	0f5428a3da9012298293f53e62671f561cd96dc775826a4896320776b74e2dc2.exe
2012	0f5428a3da9012298293f53e62671f561cd96dc775826a4896320776b74e2dc2.exe
2576	Unicorn-46852.exe
2576	Unicorn-46852.exe
2012	0f5428a3da9012298293f53e62671f561cd96dc775826a4896320776b74e2dc2.exe
2012	0f5428a3da9012298293f53e62671f561cd96dc775826a4896320776b74e2dc2.exe
2800	Unicorn-44818.exe
2576	Unicorn-46852.exe
2576	Unicorn-46852.exe
2800	Unicorn-44818.exe
1604	Unicorn-38688.exe
1604	Unicorn-38688.exe
2012	0f5428a3da9012298293f53e62671f561cd96dc775826a4896320776b74e2dc2.exe
2012	0f5428a3da9012298293f53e62671f561cd96dc775826a4896320776b74e2dc2.exe
2388	Unicorn-20169.exe
2388	Unicorn-20169.exe
2800	Unicorn-44818.exe
2800	Unicorn-44818.exe
2396	Unicorn-303.exe
2396	Unicorn-303.exe
2576	Unicorn-46852.exe
2576	Unicorn-46852.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
2012	0f5428a3da9012298293f53e62671f561cd96dc775826a4896320776b74e2dc2.exe
2036	Unicorn-10334.exe
3032	Unicorn-62633.exe
2576	Unicorn-46852.exe
2800	Unicorn-44818.exe
1604	Unicorn-38688.exe
2388	Unicorn-20169.exe
2396	Unicorn-303.exe
2972	Unicorn-37081.exe
2732	Unicorn-2005.exe
2888	Unicorn-12659.exe
2936	Unicorn-64361.exe

Suspicious use of WriteProcessMemory 52 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 2036	2012	0f5428a3da9012298293f53e62671f561cd96dc775826a4896320776b74e2dc2.exe	28
PID 2012 wrote to memory of 2036	2012	0f5428a3da9012298293f53e62671f561cd96dc775826a4896320776b74e2dc2.exe	28
PID 2012 wrote to memory of 2036	2012	0f5428a3da9012298293f53e62671f561cd96dc775826a4896320776b74e2dc2.exe	28
PID 2012 wrote to memory of 2036	2012	0f5428a3da9012298293f53e62671f561cd96dc775826a4896320776b74e2dc2.exe	28
PID 2036 wrote to memory of 3032	2036	Unicorn-10334.exe	29
PID 2036 wrote to memory of 3032	2036	Unicorn-10334.exe	29
PID 2036 wrote to memory of 3032	2036	Unicorn-10334.exe	29
PID 2036 wrote to memory of 3032	2036	Unicorn-10334.exe	29
PID 2012 wrote to memory of 2576	2012	0f5428a3da9012298293f53e62671f561cd96dc775826a4896320776b74e2dc2.exe	30
PID 2012 wrote to memory of 2576	2012	0f5428a3da9012298293f53e62671f561cd96dc775826a4896320776b74e2dc2.exe	30
PID 2012 wrote to memory of 2576	2012	0f5428a3da9012298293f53e62671f561cd96dc775826a4896320776b74e2dc2.exe	30
PID 2012 wrote to memory of 2576	2012	0f5428a3da9012298293f53e62671f561cd96dc775826a4896320776b74e2dc2.exe	30
PID 2576 wrote to memory of 2800	2576	Unicorn-46852.exe	31
PID 2576 wrote to memory of 2800	2576	Unicorn-46852.exe	31
PID 2576 wrote to memory of 2800	2576	Unicorn-46852.exe	31
PID 2576 wrote to memory of 2800	2576	Unicorn-46852.exe	31
PID 2012 wrote to memory of 1604	2012	0f5428a3da9012298293f53e62671f561cd96dc775826a4896320776b74e2dc2.exe	32
PID 2012 wrote to memory of 1604	2012	0f5428a3da9012298293f53e62671f561cd96dc775826a4896320776b74e2dc2.exe	32
PID 2012 wrote to memory of 1604	2012	0f5428a3da9012298293f53e62671f561cd96dc775826a4896320776b74e2dc2.exe	32
PID 2012 wrote to memory of 1604	2012	0f5428a3da9012298293f53e62671f561cd96dc775826a4896320776b74e2dc2.exe	32
PID 2576 wrote to memory of 2396	2576	Unicorn-46852.exe	34
PID 2576 wrote to memory of 2396	2576	Unicorn-46852.exe	34
PID 2576 wrote to memory of 2396	2576	Unicorn-46852.exe	34
PID 2576 wrote to memory of 2396	2576	Unicorn-46852.exe	34
PID 2800 wrote to memory of 2388	2800	Unicorn-44818.exe	33
PID 2800 wrote to memory of 2388	2800	Unicorn-44818.exe	33
PID 2800 wrote to memory of 2388	2800	Unicorn-44818.exe	33
PID 2800 wrote to memory of 2388	2800	Unicorn-44818.exe	33
PID 1604 wrote to memory of 2972	1604	Unicorn-38688.exe	35
PID 1604 wrote to memory of 2972	1604	Unicorn-38688.exe	35
PID 1604 wrote to memory of 2972	1604	Unicorn-38688.exe	35
PID 1604 wrote to memory of 2972	1604	Unicorn-38688.exe	35
PID 2012 wrote to memory of 2732	2012	0f5428a3da9012298293f53e62671f561cd96dc775826a4896320776b74e2dc2.exe	36
PID 2012 wrote to memory of 2732	2012	0f5428a3da9012298293f53e62671f561cd96dc775826a4896320776b74e2dc2.exe	36
PID 2012 wrote to memory of 2732	2012	0f5428a3da9012298293f53e62671f561cd96dc775826a4896320776b74e2dc2.exe	36
PID 2012 wrote to memory of 2732	2012	0f5428a3da9012298293f53e62671f561cd96dc775826a4896320776b74e2dc2.exe	36
PID 2388 wrote to memory of 2888	2388	Unicorn-20169.exe	37
PID 2388 wrote to memory of 2888	2388	Unicorn-20169.exe	37
PID 2388 wrote to memory of 2888	2388	Unicorn-20169.exe	37
PID 2388 wrote to memory of 2888	2388	Unicorn-20169.exe	37
PID 2800 wrote to memory of 2936	2800	Unicorn-44818.exe	38
PID 2800 wrote to memory of 2936	2800	Unicorn-44818.exe	38
PID 2800 wrote to memory of 2936	2800	Unicorn-44818.exe	38
PID 2800 wrote to memory of 2936	2800	Unicorn-44818.exe	38
PID 2396 wrote to memory of 1908	2396	Unicorn-303.exe	39
PID 2396 wrote to memory of 1908	2396	Unicorn-303.exe	39
PID 2396 wrote to memory of 1908	2396	Unicorn-303.exe	39
PID 2396 wrote to memory of 1908	2396	Unicorn-303.exe	39
PID 2576 wrote to memory of 764	2576	Unicorn-46852.exe	40
PID 2576 wrote to memory of 764	2576	Unicorn-46852.exe	40
PID 2576 wrote to memory of 764	2576	Unicorn-46852.exe	40
PID 2576 wrote to memory of 764	2576	Unicorn-46852.exe	40

C:\Users\Admin\AppData\Local\Temp\0f5428a3da9012298293f53e62671f561cd96dc775826a4896320776b74e2dc2.exe
"C:\Users\Admin\AppData\Local\Temp\0f5428a3da9012298293f53e62671f561cd96dc775826a4896320776b74e2dc2.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10334.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10334.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62633.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62633.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22726.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22726.exe
    3⤵
    PID:2144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7964.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7964.exe
    3⤵
    PID:1436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28599.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28599.exe
    3⤵
    PID:2120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9020.exe
    3⤵
    PID:1472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16875.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16875.exe
    3⤵
    PID:2720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11569.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11569.exe
    3⤵
    PID:3044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10236.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10236.exe
    3⤵
    PID:320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
    3⤵
    PID:2536
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46852.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46852.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44818.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44818.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12659.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42976.exe
        6⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51277.exe
        7⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28365.exe
        7⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30310.exe
        7⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62450.exe
        7⤵
        
        PID:1836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31561.exe
        6⤵
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62204.exe
        6⤵
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28677.exe
        6⤵
        
        PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23110.exe
        5⤵
        
        PID:336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50960.exe
        6⤵
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29034.exe
        6⤵
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14752.exe
        6⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26249.exe
        7⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41463.exe
        7⤵
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1226.exe
        6⤵
        
        PID:1180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63326.exe
        6⤵
        
        PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44830.exe
        5⤵
        
        PID:2112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26762.exe
        5⤵
        
        PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55917.exe
        5⤵
        
        PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44996.exe
        5⤵
        
        PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46489.exe
        5⤵
        
        PID:1004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64616.exe
        5⤵
        
        PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58180.exe
        5⤵
        
        PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3061.exe
        5⤵
        
        PID:932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64361.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32478.exe
        5⤵
        
        PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55381.exe
        5⤵
        
        PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53927.exe
        5⤵
        
        PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64063.exe
        5⤵
        
        PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61198.exe
        5⤵
        
        PID:332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13012.exe
        5⤵
        
        PID:1684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43753.exe
      4⤵
      PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9444.exe
      4⤵
      PID:1544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51127.exe
      4⤵
      PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38862.exe
      4⤵
      PID:1884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-303.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-303.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41632.exe
      4⤵
      Executes dropped EXE
      PID:1908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9426.exe
        5⤵
        
        PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39433.exe
        5⤵
        
        PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45368.exe
      4⤵
      PID:1888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57632.exe
      4⤵
      PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51816.exe
      4⤵
      PID:2088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38206.exe
      4⤵
      PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60041.exe
      4⤵
      PID:1872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31767.exe
      4⤵
      PID:760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8859.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8859.exe
    3⤵
    - Executes dropped EXE
    PID:764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50267.exe
      4⤵
      PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39433.exe
      4⤵
      PID:2420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64836.exe
      4⤵
      PID:1516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29907.exe
      4⤵
      PID:2000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50975.exe
      4⤵
      PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4034.exe
      4⤵
      PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
      4⤵
      PID:2028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
    3⤵
    PID:304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13415.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13415.exe
    3⤵
    PID:1592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34591.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34591.exe
    3⤵
    PID:2880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55928.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55928.exe
    3⤵
    PID:1232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49611.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49611.exe
    3⤵
    PID:1208
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38688.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38688.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21788.exe
      4⤵
      PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
        5⤵
        
        PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2480.exe
        5⤵
        
        PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43896.exe
        5⤵
        
        PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41283.exe
      4⤵
      PID:2224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16215.exe
      4⤵
      PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10975.exe
      4⤵
      PID:2452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1921.exe
      4⤵
      PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18437.exe
      4⤵
      PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3401.exe
      4⤵
      PID:1452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7952.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7952.exe
    3⤵
    PID:1008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45148.exe
      4⤵
      PID:1492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18406.exe
      4⤵
      PID:2156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58971.exe
      4⤵
      PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38573.exe
      4⤵
      PID:1952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62466.exe
      4⤵
      PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22765.exe
      4⤵
      PID:2304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36510.exe
      4⤵
      PID:1796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39018.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39018.exe
    3⤵
    PID:2292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43352.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43352.exe
    3⤵
    PID:2716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35065.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35065.exe
    3⤵
    PID:2256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64903.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64903.exe
    3⤵
    PID:2192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58118.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58118.exe
    3⤵
    PID:2628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18959.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18959.exe
    3⤵
    PID:2528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43709.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43709.exe
    3⤵
    PID:848
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2005.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2005.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62628.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62628.exe
    3⤵
    PID:1520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59766.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59766.exe
    3⤵
    PID:892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22733.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22733.exe
    3⤵
    PID:2752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17685.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17685.exe
    3⤵
    PID:452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50228.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50228.exe
    3⤵
    PID:324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19924.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19924.exe
    3⤵
    PID:2684
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
  2⤵
  PID:1048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57641.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57641.exe
    3⤵
    PID:1876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5770.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5770.exe
    3⤵
    PID:2392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20268.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20268.exe
    3⤵
    PID:944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46871.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46871.exe
    3⤵
    PID:2736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11039.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11039.exe
    3⤵
    PID:1624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30091.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30091.exe
    3⤵
    PID:352
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40919.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40919.exe
  2⤵
  PID:2104
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39109.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39109.exe
  2⤵
  PID:2520
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35170.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35170.exe
  2⤵
  PID:2424
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3572.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3572.exe
  2⤵
  PID:2288
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45374.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45374.exe
  2⤵
  PID:2372
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30737.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30737.exe
  2⤵
  PID:2564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12659.exe

Filesize
184KB

MD5
e20a8bf86fe20432ffd743270197c94d

SHA1
d434f0fb3917a60feaf01f262d3d167d698f92ec

SHA256
874420c23a60334af37ec9ca2fcb326acbc136102f0f14e6ff7f61597f32c910

SHA512
abc9e5397cbc5505a897fa765050ec1006f47ef66af2a7a698371693d96adbd2efcf7e3db691af2657b8a4f8fbef0f84fd8ba06bcadc96e855bd096b4fcea15f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2005.exe

Filesize
184KB

MD5
525f14d3646f5293a6519839ba77bac1

SHA1
c7e9acea78f58c5ca6d4be17a855755c364110fc

SHA256
0ab3d8df145adb75a2d347ec61009a0abcac90f13f19c92d8f7277a12a455de3

SHA512
a88fe6e19d101ef15f8641049a0f4701a8143702f2bf8f28b4948bdce96b96a0c98178582deffeeab9ebfa2dcdb3e380394279448b271dec9f59c247e6ae197f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe

Filesize
184KB

MD5
efa5965d138b23e595c8ef1e52fcc8fe

SHA1
42b7e7753d05f1d1c4adf4e59b749fa11d70b166

SHA256
68ce06e090667002b9f8baa2726d7e31a46b5b8298dbd94badbdb4e3e2ad76ba

SHA512
6d4785f8933a8dfcaed6d5edb198e3ed44bba0da09b32df48ad58fa785fce5a019f7d96d8faab90dca96676d3f1943dd62f995859433aad7cd127a0474b5e375

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21788.exe

Filesize
184KB

MD5
97e785ae1352b835d260c9218fe32d7a

SHA1
f65208cc1543465e6dc5d9266d271880d48b7ee2

SHA256
80f0ed0a96aa1ec5210524cd277fa2916cc0e9691e2cb78b190979e0d91f671b

SHA512
60e013f68a75387204a91adc7c899cddd95813e16b38344e938f38dc201af1e19dd675ecd58af46e5a70a3d37f663690df0a9423298a939bbede620009298e03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22726.exe

Filesize
184KB

MD5
f4a742a954716dc345c5295f79cb43fb

SHA1
aa6fc39cbb79231b0842c15f086d7172a01217a2

SHA256
682779095037fe5e99535657dbcfdf2e9550df517e67466224e70d70fb0378ac

SHA512
12d4b038785b47e4019ff9493553cf8eddbf604e668c86c8c4498759a5f47d641d7e7255fdae8f28539484eb957ab32ef4a890c3bb3921e0a4f63f77c7ac3f35

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe

Filesize
184KB

MD5
69ca305398b4e0981a3aab3eb7c80867

SHA1
d98af7ea5c67b573503b8a13346250d4fd98ee4f

SHA256
910dbb31e4c8c68d921be00cb4011e8745395cf617c548e1a17c2de9a6203fd1

SHA512
00272906c827a562d3435524f713ccbecb389e85d67e975d1e4173c39c1806a508469506c3b7f7d460ecb66c82e6e52bcb02cf6bc66049932600ff4567dd0b71

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44818.exe

Filesize
184KB

MD5
70e7bb8f148f6a4e56d49d44654a2cc5

SHA1
98ee2b5b23fada9be3a6180c24137bd32bf5b7d2

SHA256
074e5ba1eee1df0a4ff61d61fe884a9d0d81598536031a0e11985c71c27a7568

SHA512
6dc552b843e50361c70c86e582a20799bf27ea540146864962d51eac9ae66cb770e8bfd51d30fdf73c50a48881a88114ec931c3f51db4b7fad6cc89260a9f7e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7952.exe

Filesize
184KB

MD5
e196b2749b4b5d6a07019ba850ae942f

SHA1
a0769116de3b735b163d7729e55616d5612e7b93

SHA256
b6f539d7a0151068cb4624b3eca2ace820467758ff07b3d78c760f277fa63c6e

SHA512
a11c6c48dd890b4162331daa32c2efdeed4e7ed62cf9d1689ad2ce05d648f8d83e5572b21985927cab39c6c67b38332e3423cb6b995bb99a0bb06197e46d149c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8859.exe

Filesize
184KB

MD5
a045accf7653365ee21250362a71f8a8

SHA1
1dbeb23866a6cc1f6b9aff8a6a155fefdf1baf3b

SHA256
667e21d459ffcc0278e752f41297786dc14f1404dae8b1a6adec38e90ebc68fa

SHA512
264bf57ac7a275f9d5a2276a605e7bc6b737e46e8be45319c6b1b47a9784b9c4c51740ba92325a898e4992c24656511a8d8d998aec1935e9aea8945a3bd9a907

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10334.exe

Filesize
184KB

MD5
d071e45efcd5f75a53ed12dfc31057ba

SHA1
4e1956e605f92646d709ac2bafa90c8bfd03e8dd

SHA256
bd190e3c6970ed2b1624e12af8a672da3a7e484ec7d2f6f20c623c39323cc491

SHA512
46124bff8d4fc15e1315990905f9fd79b88dae9c4271026e4c710d930e32c73ec30ac0a6153fa3ee6396acd7138cf32415f7eda5c3289c57c3914b21b0d73b16

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23110.exe

Filesize
184KB

MD5
3e54de902fa3dec62ab53c2481332229

SHA1
560980b63f614f170eafc206ee01b68e3e7113a8

SHA256
a49cffaad7bba25b6d7560e11f000128dd4857642da99c357cf80776cbf04080

SHA512
0f9b4197ade23027bd9031ed8602a878c7f76852104bb3379f5d46c2b905438653598fb316adbd6aec21d990de17e1d789313dff594199d70314b17ccb9aa1b0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-303.exe

Filesize
184KB

MD5
131a3b9345c35d046ca3e34778a3242c

SHA1
a425d9df579d81ed5ccfa9ef5ef0c5eee0cbe790

SHA256
ed488454ea3bbc10f188835aa0b19d0c42040f8990b43b30439c12b02cbdc4b7

SHA512
0776e1e44b1536c93803c230342471c2138b1212c1c9b17b2643cbfbac550a183ad7771093eb1cd35645bf46d0f45d09629fa968024a2272c0bf5821423d904a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe

Filesize
184KB

MD5
8a59015b51181e8d488a717be56f717f

SHA1
f24d01d0dd7158a3320d26ca82613ba32eeec984

SHA256
51dba3225b811377034a7c7e3a5e4d47b08860ba4763075bd49bae35ec2cb59f

SHA512
1d6b5c86e4f5b0da913c941cdc9c4b9097aba175404790c9003958b3be62c6d94624c233f49eacf23cef185f7da5e703856ad3f5011277210f8525435b354c1c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38688.exe

Filesize
184KB

MD5
6745c48d04161217fe150b6699296688

SHA1
264f34dff6cfc8c9d2c0b7e3997e3b9bfbbe3c60

SHA256
f9fcb4a369cce21bea24d62bea13ac43167bbcfd54ce30ef5d62a6a9e3f19444

SHA512
e0b4d5f333398807d2085ce8804f313ca117ff085704fc7e014718d94e76fa98f8c952fa4e619a2e2738ed63272f14aad1f5a4968c2ec0400e383c24fb1287fe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41632.exe

Filesize
184KB

MD5
3b75545da2cf8cecde99288fc5bb8161

SHA1
18335b4d2996943e26bc6e3662490c5116677f06

SHA256
4cfeafd40bc8fda4880b50d6c41cb87cb770ad6dac6780c99bb11c896c33a3e0

SHA512
1973142520d494b29287f9c0de98559f4ce1ff6453f66d4251558e056ca17e19711c796e1300f1049a8ea5a0a62766a2150c8c98cad4a2abb1e086771717a9a7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46852.exe

Filesize
184KB

MD5
ea1af4c820dfb34594fd80d3d657457e

SHA1
41ea2ec6942be6c22b111d0e0bcaacfdc70163e3

SHA256
db5ce384b8c2585d62f761052ad8dde34fc371b2716626308b91248a34d5edc7

SHA512
7b91566368464b9ce5feda3df4cec9dc7a8d63d5c9eb1facedd89f51081933338518299eb3bd0db725f371fdd3707eaad935b185af8bd2384f70f0dfc8281277

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62628.exe

Filesize
184KB

MD5
723733dedbded1918324e6372c2e5c2d

SHA1
137f14fc50fe07903843b1542546ae259da5110c

SHA256
ec0f7038e168b8ba600b1d77541d874bb4c782e616567adc928d2da479ba8740

SHA512
73345e2e960a2f38a6b3d7d6fcba01b1f88adcfc5bf0cff6320ac53f1b0acf435291c96200541db8392bf6057013afe2b14b86670a4c5356497bef9dc0c9b1b4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62633.exe

Filesize
184KB

MD5
cd188d9d075a382b3b080b0b21b4af55

SHA1
32c198303ff589bc3c042bf4ce60a6a9681f0344

SHA256
78e212610672eacffc85e553cac45acf0817abcd806f1eef9a467407f8c263a4

SHA512
482dbaa2a26c5748fbc255fd2fdac4afdf8a9624de20af8003c34d4e16e417ab2880fd891cb40ed60ca523e7a20fab88d80e35ee0fd3838949848d1c05dee55f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64361.exe

Filesize
184KB

MD5
42785c0d56962b0bab92c384ff77bef5

SHA1
f02998cea2df38eed62ceffbf9dbe15a2cc0bdd2

SHA256
b54ecff53ee24646ef51e90fc7d2e9365716ee3f8c7d222e876c295fca37ff85

SHA512
4a7ddceb9176233b38f02f23f81e9be7b95fbd6d1d6f91b462578b7a2d2689be1add25cf39319de25f0e434a8f7a4e21dd45531c8d56e0ffddf2f9f1e81affe3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads