ecffa9c0b464d68c0b90d1e9da81e3f1b840e5288b262a720f608622359c5be2

Analysis

max time kernel
140s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 05:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ecffa9c0b464d68c0b90d1e9da81e3f1b840e5288b262a720f608622359c5be2.exe
Size

184KB
MD5

5c623e17a2c347ad324029ece7baffae
SHA1

a5b4f7bf9664e655630f3a003cf2f51fd42b192b
SHA256

ecffa9c0b464d68c0b90d1e9da81e3f1b840e5288b262a720f608622359c5be2
SHA512

dbde9cb9364f0ce00ff4ec8e4f6fd7e5071a1cb6a4be038a9d6526f2bb319fd37e8454177eace9431dcb5c704188266bbcfcfe61f4cb67cc46e4c63e6ffaea09
SSDEEP

3072:WjAnj8ong2X35QhZgitnm/fCPlvnqAciAInG:WjPohJQhnmXCPlPqAciAI

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 32 IoCs

pid	Process
2268	Unicorn-44349.exe
1532	Unicorn-14084.exe
220	Unicorn-43773.exe
2324	Unicorn-11313.exe
2632	Unicorn-38802.exe
380	Unicorn-12948.exe
2904	Unicorn-23717.exe
3580	Unicorn-59866.exe
908	Unicorn-33725.exe
4164	Unicorn-12505.exe
2452	Unicorn-14420.exe
4364	Unicorn-7316.exe
1408	Unicorn-51525.exe
3760	Unicorn-11364.exe
3832	Unicorn-13580.exe
4072	Unicorn-34437.exe
760	Unicorn-11777.exe
3840	Unicorn-32826.exe
4108	Unicorn-43293.exe
3860	Unicorn-13329.exe
4308	Unicorn-15161.exe
1716	Unicorn-14409.exe
1176	Unicorn-50834.exe
3532	Unicorn-21626.exe
1536	Unicorn-64594.exe
1080	Unicorn-8673.exe
2592	Unicorn-29805.exe
4680	Unicorn-47994.exe
2776	Unicorn-18690.exe
4092	Unicorn-35501.exe
2036	Unicorn-31490.exe
3192	Unicorn-43410.exe

System Location Discovery: System Language Discovery 1 TTPs 33 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34437.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59866.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15161.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64594.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8673.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47994.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31490.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38802.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7316.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18690.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11313.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33725.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21626.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43410.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12948.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14420.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13580.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32826.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14409.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecffa9c0b464d68c0b90d1e9da81e3f1b840e5288b262a720f608622359c5be2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11364.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43293.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35501.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23717.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12505.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51525.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13329.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29805.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44349.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14084.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43773.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11777.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50834.exe

Suspicious use of SetWindowsHookEx 32 IoCs

pid	Process
4948	ecffa9c0b464d68c0b90d1e9da81e3f1b840e5288b262a720f608622359c5be2.exe
2268	Unicorn-44349.exe
1532	Unicorn-14084.exe
220	Unicorn-43773.exe
2324	Unicorn-11313.exe
2632	Unicorn-38802.exe
380	Unicorn-12948.exe
2904	Unicorn-23717.exe
3580	Unicorn-59866.exe
908	Unicorn-33725.exe
4164	Unicorn-12505.exe
2452	Unicorn-14420.exe
4364	Unicorn-7316.exe
1408	Unicorn-51525.exe
3760	Unicorn-11364.exe
3832	Unicorn-13580.exe
4072	Unicorn-34437.exe
760	Unicorn-11777.exe
3840	Unicorn-32826.exe
4108	Unicorn-43293.exe
3860	Unicorn-13329.exe
4308	Unicorn-15161.exe
1716	Unicorn-14409.exe
1176	Unicorn-50834.exe
3532	Unicorn-21626.exe
1536	Unicorn-64594.exe
1080	Unicorn-8673.exe
2592	Unicorn-29805.exe
4680	Unicorn-47994.exe
2776	Unicorn-18690.exe
4092	Unicorn-35501.exe
2036	Unicorn-31490.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4948 wrote to memory of 2268	4948	ecffa9c0b464d68c0b90d1e9da81e3f1b840e5288b262a720f608622359c5be2.exe	88
PID 4948 wrote to memory of 2268	4948	ecffa9c0b464d68c0b90d1e9da81e3f1b840e5288b262a720f608622359c5be2.exe	88
PID 4948 wrote to memory of 2268	4948	ecffa9c0b464d68c0b90d1e9da81e3f1b840e5288b262a720f608622359c5be2.exe	88
PID 2268 wrote to memory of 1532	2268	Unicorn-44349.exe	94
PID 2268 wrote to memory of 1532	2268	Unicorn-44349.exe	94
PID 2268 wrote to memory of 1532	2268	Unicorn-44349.exe	94
PID 1532 wrote to memory of 220	1532	Unicorn-14084.exe	97
PID 1532 wrote to memory of 220	1532	Unicorn-14084.exe	97
PID 1532 wrote to memory of 220	1532	Unicorn-14084.exe	97
PID 220 wrote to memory of 2324	220	Unicorn-43773.exe	100
PID 220 wrote to memory of 2324	220	Unicorn-43773.exe	100
PID 220 wrote to memory of 2324	220	Unicorn-43773.exe	100
PID 2324 wrote to memory of 2632	2324	Unicorn-11313.exe	101
PID 2324 wrote to memory of 2632	2324	Unicorn-11313.exe	101
PID 2324 wrote to memory of 2632	2324	Unicorn-11313.exe	101
PID 2632 wrote to memory of 380	2632	Unicorn-38802.exe	102
PID 2632 wrote to memory of 380	2632	Unicorn-38802.exe	102
PID 2632 wrote to memory of 380	2632	Unicorn-38802.exe	102
PID 380 wrote to memory of 2904	380	Unicorn-12948.exe	103
PID 380 wrote to memory of 2904	380	Unicorn-12948.exe	103
PID 380 wrote to memory of 2904	380	Unicorn-12948.exe	103
PID 2904 wrote to memory of 3580	2904	Unicorn-23717.exe	104
PID 2904 wrote to memory of 3580	2904	Unicorn-23717.exe	104
PID 2904 wrote to memory of 3580	2904	Unicorn-23717.exe	104
PID 3580 wrote to memory of 908	3580	Unicorn-59866.exe	106
PID 3580 wrote to memory of 908	3580	Unicorn-59866.exe	106
PID 3580 wrote to memory of 908	3580	Unicorn-59866.exe	106
PID 908 wrote to memory of 4164	908	Unicorn-33725.exe	107
PID 908 wrote to memory of 4164	908	Unicorn-33725.exe	107
PID 908 wrote to memory of 4164	908	Unicorn-33725.exe	107
PID 4164 wrote to memory of 2452	4164	Unicorn-12505.exe	108
PID 4164 wrote to memory of 2452	4164	Unicorn-12505.exe	108
PID 4164 wrote to memory of 2452	4164	Unicorn-12505.exe	108
PID 2452 wrote to memory of 4364	2452	Unicorn-14420.exe	109
PID 2452 wrote to memory of 4364	2452	Unicorn-14420.exe	109
PID 2452 wrote to memory of 4364	2452	Unicorn-14420.exe	109
PID 4364 wrote to memory of 1408	4364	Unicorn-7316.exe	110
PID 4364 wrote to memory of 1408	4364	Unicorn-7316.exe	110
PID 4364 wrote to memory of 1408	4364	Unicorn-7316.exe	110
PID 1408 wrote to memory of 3760	1408	Unicorn-51525.exe	111
PID 1408 wrote to memory of 3760	1408	Unicorn-51525.exe	111
PID 1408 wrote to memory of 3760	1408	Unicorn-51525.exe	111
PID 3760 wrote to memory of 3832	3760	Unicorn-11364.exe	112
PID 3760 wrote to memory of 3832	3760	Unicorn-11364.exe	112
PID 3760 wrote to memory of 3832	3760	Unicorn-11364.exe	112
PID 3832 wrote to memory of 4072	3832	Unicorn-13580.exe	113
PID 3832 wrote to memory of 4072	3832	Unicorn-13580.exe	113
PID 3832 wrote to memory of 4072	3832	Unicorn-13580.exe	113
PID 4072 wrote to memory of 760	4072	Unicorn-34437.exe	115
PID 4072 wrote to memory of 760	4072	Unicorn-34437.exe	115
PID 4072 wrote to memory of 760	4072	Unicorn-34437.exe	115
PID 760 wrote to memory of 3840	760	Unicorn-11777.exe	116
PID 760 wrote to memory of 3840	760	Unicorn-11777.exe	116
PID 760 wrote to memory of 3840	760	Unicorn-11777.exe	116
PID 3840 wrote to memory of 4108	3840	Unicorn-32826.exe	117
PID 3840 wrote to memory of 4108	3840	Unicorn-32826.exe	117
PID 3840 wrote to memory of 4108	3840	Unicorn-32826.exe	117
PID 4108 wrote to memory of 3860	4108	Unicorn-43293.exe	118
PID 4108 wrote to memory of 3860	4108	Unicorn-43293.exe	118
PID 4108 wrote to memory of 3860	4108	Unicorn-43293.exe	118
PID 3860 wrote to memory of 4308	3860	Unicorn-13329.exe	119
PID 3860 wrote to memory of 4308	3860	Unicorn-13329.exe	119
PID 3860 wrote to memory of 4308	3860	Unicorn-13329.exe	119
PID 4308 wrote to memory of 1716	4308	Unicorn-15161.exe	120

C:\Users\Admin\AppData\Local\Temp\ecffa9c0b464d68c0b90d1e9da81e3f1b840e5288b262a720f608622359c5be2.exe
"C:\Users\Admin\AppData\Local\Temp\ecffa9c0b464d68c0b90d1e9da81e3f1b840e5288b262a720f608622359c5be2.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4948
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44349.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44349.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14084.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14084.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43773.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11313.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38802.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12948.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23717.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59866.exe
        9⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33725.exe
        10⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12505.exe
        11⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
        12⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7316.exe
        13⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51525.exe
        14⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11364.exe
        15⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13580.exe
        16⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34437.exe
        17⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11777.exe
        18⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32826.exe
        19⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43293.exe
        20⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13329.exe
        21⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe
        22⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14409.exe
        23⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50834.exe
        24⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21626.exe
        25⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64594.exe
        26⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8673.exe
        27⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29805.exe
        28⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47994.exe
        29⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18690.exe
        30⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35501.exe
        31⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31490.exe
        32⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43410.exe
        33⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46010.exe
        34⤵
        
        PID:4584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11313.exe

Filesize
184KB

MD5
d634f223378717aeadfc70aa4603bdac

SHA1
cd301ba519a4ffdcc036a601869166eeb6e51dad

SHA256
4593c5d98ed8df302cc140b33b52f6fef00f77b4e234e510d516bac5297b763f

SHA512
bf2123b4cb6046e6b50765dd48f66e4aae528e3369640d810560d509dced186e17354e9a61011c591e1aad3e5b7f593a4aede98cbe115988be2f1852b13424ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11364.exe

Filesize
184KB

MD5
0f7640cb68c3a0c17577e7549ac68a1b

SHA1
222db890cc937f9de7ea42e7edde3bb580e637d9

SHA256
73ca69da3d5a76b0666a023f8775e8f91481ef7bc20a52ba4433cb68d7aa8210

SHA512
2a3f386887f7f386be13a3460952ae8609184d0542550350862a8e1af3994c5ee7266dd099bd441e92746366028daa57580a74f2142ec40ee669029e972d0c76

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11777.exe

Filesize
184KB

MD5
8250d7d415fe0682e0e837b9420390ee

SHA1
dd02ae5287d25d726c540d76c96aabb15cce849a

SHA256
e1e9ad047536c6a1bd3fbebd9352cc7b2574816f5429d4386868cc4174c90d71

SHA512
74e864560bbbdba8f025e5dacc003cd92229b55eb2f2470d7ef97dbb7e0ad422264c8d37158e0f1d5d618435e64ac03401c376fcfca11ba0a547f42116e045d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12505.exe

Filesize
184KB

MD5
fd531d0170de7b076f3fcb6afe3b50ee

SHA1
0418d57ebc63cac6a28cff2e4654cda3cb30476c

SHA256
b0c9cd1506b51ded2202b3c692d8265f4146eaaa2b9014c93687a5ef2bbd6340

SHA512
42e9819ee7cd8aa008ee5c3fea23e7f0d37ff543e04cafe424e8005f961a5903e1a1cc2c1fb3161b50bbd458ac3c81b73e1b412a1271ac9262bb8106923ecfe2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12948.exe

Filesize
184KB

MD5
cacd55ccb027d9c84e9424d305c3f392

SHA1
c2e504d86442db7f151800592a6feb57449fcfc7

SHA256
da2936610c5fa29b04ab1a4d70d68f96834949d961a82a7db2fe2d3028b541a6

SHA512
dd6f2c1a475c1bd806a6d13be3655082ec9564b0f58e957d07bf570418196dd15cf45bc46494b8c5647dbe723875ac2e739e3179b8a0f5b245de0ed365fd6314

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13329.exe

Filesize
184KB

MD5
1546e784a5a3b23970364e2c74c2b35c

SHA1
53375231b2a0a91660258f27550569c358717196

SHA256
75b011309c9aefacf683500ea48546baf49cca4eb028f730d3e49269b530ec6a

SHA512
b8696c57a7376c77f7fbfbdd9839c1f1dab49a648bc2590717c321a9738137fca05a351a915b08b87f8a817b42de85ebdb4fd717c6884e5bad480f6341c3c076

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13580.exe

Filesize
184KB

MD5
da318c7636dae678a50095d8137dd92a

SHA1
b65485af8b18366500fa7beba7fa2969c33ca1b4

SHA256
1195c9d2713b383006f2bad42284721b511eaad564d869a8eac4e4a8a3cf7d22

SHA512
7fba92eeaaf6f9cc6b304228c26f97f7e1eeed4a54b463c9c2fbe6c2cd069bdba5e577fb4041f4c84c71f9581f66103024420fb1552cf96ac22bc934caf49b00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14084.exe

Filesize
184KB

MD5
7967a3886b1dffa0c727626a434c38ff

SHA1
d838b81bb3f7d6174bb6b1e1bdd665aee66d32db

SHA256
b9e8968597b9d8bdaa5364d0f03c0e5fb9c912cea9046ea5032fa190cd07dc99

SHA512
f5004bdaf18ef271657717ee9928ca0deda1a32d8ee3cbb013cb3b3e41d098d95aba7a75ae23d79d11df9dd7adfc91938ae7e95d62aa5ba2ce6bc8568a8e4bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14409.exe

Filesize
184KB

MD5
24d2785748f0bb4deb88c2e84de2725f

SHA1
f2c2b37b47e23d6ff5fd70a4b2fb8980ab6c2bfc

SHA256
47f4ad58ea9c784ade06cc73267b4624bd82e96d6be52029e0551c6c3550a5d2

SHA512
b20fd8025feac8534882f1df0ead37201abe55f03f3fd4725a59832e35078201d8bddfb463995c66b0907baf633076f84eecd59e95f5a86b22fb4c55b1b54456

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe

Filesize
184KB

MD5
6aa0178f2c26e3ca94116bdabcc68329

SHA1
f03ff95e9ddccaacea0feae6014dac3ed793cfc6

SHA256
73083e72dbf296bbfdfb7ee6ef22c23deae75e84adf25a1177082e8fb8d2cdc8

SHA512
4f15c392563fc60df2685a1d2dd58f5ab2b6a330c301209f7f0b150cda9066b786dcd341681ebf9225a98a1c9e33591de4348156b615d5836fc05fdeff970c07

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe

Filesize
184KB

MD5
5e7177787fbdcd92a56a97bb5b9b52be

SHA1
a46c731c840bc0b21321fb796c212da1e682c217

SHA256
7d9b65779df4aa1302782cb7430cdf51d2e3b1c4341b65c20739e8da52888bb8

SHA512
8441c48306a890b69864e4d9979550de963438ecd44a6189b63c019c04ff79c317abb523fff60cd8bf08fe09c6548761f2c0fdfec54034fa0399718b4d08c583

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18690.exe

Filesize
184KB

MD5
78155809dbc3254cb5943865f8aa604c

SHA1
eabb6296dd2a50788b4ef35dbf3bb61edfc746a0

SHA256
bc77e2e12eebeecee9b3a62ec62ad29f0e2dad2e18d1ecfc75fcb2a3b3e3da5e

SHA512
8a34c9c87c733223a0f726b88e9189608610a3aaa64ce3ea9dd5ce73bfe3f7f53d6da07e4a4f87a64856fcc0c7ff56c46f984841d99a716b9a9daf4cb6d7ef5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21626.exe

Filesize
184KB

MD5
22ff72ccd5e1cc38bfae85ee41189684

SHA1
1ef3449f85e5fc236104535784afccc4d231c111

SHA256
24ba5ab53a085e8ea3ffb3e16a0a0de9849e72f206085cf562c3ba0609d91abd

SHA512
372e1ae73f0b2e0e2e0564da891e6f3b98d13deb808d1298d91dc03ee1c3dccd0c12f12cf2a7b40215ed565dc067c48d2352228a2f5fb79b65fa96f197ee6ce8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23717.exe

Filesize
184KB

MD5
d78feae3ae463e98f98d25aa298dd0f1

SHA1
ce4858fbb8bb7f91bb2001b6c0e4e8b831057f62

SHA256
e0b4e974b49900ce0b1e4b93643d88a59a3b2b9dd7266b486537f29793e7067b

SHA512
5e2ffdc94888ed51704d68d11b1770f1140a14eae37f888f2c7354fe2958ce83fb4ea505f4c78122bdc6909d4b1c104d83a465dfdce5346eaf6c7da7e0e22582

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29805.exe

Filesize
184KB

MD5
c4906aae00402cfb7acaba74068243d2

SHA1
6e30b1811e63bdfb5eb15ca5324e7da765571a19

SHA256
0ff15b70aca54f0fb8d388f23f6c0e579cadc9c203af3790b9a54a9109d27478

SHA512
d247238eb45fe816cdad83fe2af81b7e34f4b352334f8e15e95123a9efe6e8d6e1ab428d5797d8e98a1a2771338990e0c7dd65c62a48c8d8d41b8aa718ee9bd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31490.exe

Filesize
184KB

MD5
7835690bd18c6a96684dbce195743526

SHA1
6d269538a59a4321c0a56cd85dfa891f974e5722

SHA256
72f992978bdfb3dbe5ccd556c9789dd975b72ca79a4f13446f8912925e81ee24

SHA512
0dfb0967666fc1a87e13d7945726c0ce5dc0f1c6534da419a544a69c1779562f4377a22ed28b4c3e66e37e15bbf82217c0e895c21b4ec5c76f4f37403e7bfaf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32826.exe

Filesize
184KB

MD5
cd3dde86d79c5a2244da73b83b9ad5ca

SHA1
8d15889c26042cc4015447ec298d44db3a62961d

SHA256
a254f71bfd4546ae0a36e31d8754bc10ec2da8cdcbb4e9519db0f333b2166f9f

SHA512
ee6ac2518af2ae57cbb5ad7d48c7a511ea7f916dc932ec36f25359cb4a72801d1bf7339d52a86832fb752741cacb7310c0c4048b9f90a79d53242f0d33d2f8cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33725.exe

Filesize
184KB

MD5
ed51dac48153d9ce6981d1f389e79840

SHA1
4037a77a9f45dbd14163917862d4a790733c5955

SHA256
54c0ac782bed90fc26d32548f2bfb62990ee48fbb04d7c60bba9302f37991203

SHA512
3e848a85d920dc7acf39f2705af1a0f50d5039faa400ef61a0a36b146bdd61227005a596de0ad18604422373dca6d0fb3fbec2e10ea42caa85029c79fbf095f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34437.exe

Filesize
184KB

MD5
ad8b957b14843b521eb600679679a987

SHA1
71822c2329a34a5f4e82ea59f97f09419396f36b

SHA256
872b2a7c849297359e683df387e9a8810e9cd2fbbacf14a441762e8ba8de5213

SHA512
4aedbd76a826db59e8bc70e60aa2279bf023ba10624bb6cbed252ada28ab96b6f54feb973d40f1868d1df9ab27c537047b1f9217b1192f37783ffaa81b25fa16

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35501.exe

Filesize
184KB

MD5
f14e52a3a754e3237d25ea253fc0fe29

SHA1
109c11b067b55c8fd026d748a8a6c8355f8ab5e1

SHA256
41d87e014f7aff6b157c7c7636d6df3c42dae25cc6e697373ae602895e01ae1d

SHA512
429893fc582c1ddf5f2f5a540adf11a3f987ecb1da1917c9c68cf5b1aa6dabf0fbe128a3f5195e0bbfb0fcb2ea02fcc76c6a12a9837f3378b298a7e3763bd0aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38802.exe

Filesize
184KB

MD5
b82b8335f5371cf65bc2cbb1a6372df0

SHA1
8fd2c7a09ec1ee5bfc850a1883596df9cd3b8466

SHA256
072e0e2b6f7dcaf53051bbf1b153d58c4da4e5072fadc59e2f707310363287d5

SHA512
61561c86bdf8c145d8d6ef8cbf1b63b4d1ed32d4cf2bc849080c8e5e75094607672174bd89843117b783d8da0d406ac4d32bd44865c13cbb006bc2faa48b472e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43293.exe

Filesize
184KB

MD5
85b2b3ec4b49d4ebbe845984dca322d8

SHA1
614b74ad4420ee8700aef40ef7ab209c21f74405

SHA256
d1ef008ab564a8b92fe3a31b56d13f4863b8682fdab032cab09369d1067af5a0

SHA512
73b58b97356659fa6048a3f3774b868846e6099a91c05117985a24072c007e28be4d41fd903e1535510a55e2c54831b16a57011c97d0ded2ed5d850b2d8bf956

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43410.exe

Filesize
184KB

MD5
09963260ae93a19d15259c25189c5dc6

SHA1
6d7d0d14e1d55e26ce6b52fa2473626055b854d0

SHA256
4b0c07e891c2a6a723b0cdf8977cdaf2d47765d381991e3091f05d7b7675bff4

SHA512
9086c415434e7f142a20a0d421f7a10493796eb5c99a4822d8012e946e300b6f7b7fd86a27e499ebed53f3ef0d4d8971fcb53561fc233472a9252c20ae34c3e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43773.exe

Filesize
184KB

MD5
5cd972bcd417d331a0b0b11537b53eda

SHA1
c23db816ca71010c88879e5a73e6264c46272eea

SHA256
3a71518c20a282dcd60f4f8166db1c577c5d9f9eb078c36cd0fb8fa4852f71d3

SHA512
37a686981820e2abe04daa1659db791bcdfdca523027dffa35ec1c088ecf38cb769301b48a23f8b3b07cc31b1f2e7557dd78a713c6990fb68bd985be70fa369a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44349.exe

Filesize
184KB

MD5
9294d2ec5a55816d5023cbdf62a1f94e

SHA1
d7ad9f6047b25d51bfdc3e41e2283202a4a034ed

SHA256
293e19526c07c70034fb78822e9a1d413c0ee85f14b8140422cb7c646d557c2e

SHA512
860f1b92e0e5a56d6ebf0cd0ac7bca853f5675024e840278ed3f24b1fa441bbe9e28b46fe5251b8a29406cbcbeb23714c192d74c7c6f657f878fcf14195c0f78

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47994.exe

Filesize
184KB

MD5
1c7a71348dad4a1ec9868c43fb0a3384

SHA1
3df5ee69308080eb2cc506e0832ccafb886caecf

SHA256
afbce82b67e8f1858e181805cddb6fafebae2a09479c379bea4d253f82e40124

SHA512
080c3a872b793c34236af0f6e2d99beca1df3f9e7b2118498cfdeb0877182dc21c885e7fb1a59a39a84680171476c529841c8e7f996b09ebc144f4a41a1f7b77

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50834.exe

Filesize
184KB

MD5
f1099e00b7cbf59e57bfb27b7afe68e2

SHA1
f17ad1bc3f652809cd36497ba10116b101d4743f

SHA256
a0e65cacbb2124ccd4e7c3d9f64ec78ec0fe32cacc92fa93e03ee5b8b9a21516

SHA512
7d83721707930ff55a3aa2aa8014af670ae690acad1a433cef99dd2660947179680d514bdccedd11d849ba7783b073ed8ab7f75cfb4c36f0a45d03c2239862f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51525.exe

Filesize
184KB

MD5
b04ab90fe3d179d5d8a39165bc44e695

SHA1
3ea14f4b108586c8437fcf5aa12b109151ee8bed

SHA256
1b61e7542c04708d3b480317fee840f6254db964ce18ab69efd74b677120c5e5

SHA512
8decc75131184d84077ecb07e59ab3cdc9abeb94abcbe7591173724f93903bce20d628a01c355ea05101e25b64e854dcac86a7ea36af8fc672444a7ce1b962ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59866.exe

Filesize
184KB

MD5
536e3e4bd6154f72f714cdf17007a4c1

SHA1
0e9c0ea26e9a5118d4e8a5f70f5ced6a8c1e4b66

SHA256
2d1633ffd6f14e7bbe8403cf1493487dac82b9a2ad9c9b921116559244bb1bfb

SHA512
021bb3ec619ff07e877d7197b5cdb2ab72a7ff0836c978a50c30441c7183c5ec010afca1941e543d850ee4c43439e79634668f910fd70828d5afbe835ad3eb36

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64594.exe

Filesize
184KB

MD5
0a6794710dbd00b0387ff07eb9d3b06b

SHA1
09cea7e926a4e46510e6faff65c3f640245b0c99

SHA256
d01218e52217de0a85ee55bf29fabb9072fa3b9480180b64fada2d3dd459ab43

SHA512
423a2b6439d7f8373b685169a433c38b3fbc8b185bacadd5c7c6ea8fa1bd2de460c72fc3f0f9a9287e0da8a2ca979532ed7452094260a77cb58aebfb8c5db24b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7316.exe

Filesize
184KB

MD5
853909e05106459b7d56a96913d59615

SHA1
a5059998b29dabd92e269e5a7c1aac0da9ba21a1

SHA256
2dfd66745c4e3987db62cb4a3ad87acee89f6e0798970bf2225c7127040d06e5

SHA512
d4749b52515cc516c328984e2217d31f4d7d4a3ee03df0bc7e9e852a67c4694eb4dc9daf673ea0b5508c5806c8c203e2d53d364bd70fe2d3a0e0a0cc1f8b92a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8673.exe

Filesize
184KB

MD5
b4f65ffffc10e6ec6040a71f464563d3

SHA1
f95caaaf991f00b568e8d27d1cb59cfaae781cad

SHA256
b42597c6ab200a718c576e6e4ef8c80d9bd76d5b74a0cb0abd1e42a920f0fc6d

SHA512
368697040827513e50d921c221a88cb4cdd015df238dca2c367d9f936dc6c5956b1dbd102dae4ef4c5aec620f7c3bcddd6606fff2b8366a3460fb085e0f42ba0

Download Submit