| File name: | 1 (1230) |
| Full analysis: | https://app.any.run/tasks/7dc1f4e8-ae77-4de1-a69b-74c111638764 |
| Verdict: | Malicious activity |
| Analysis date: | March 24, 2025, 10:36:19 |
| OS: | Windows 10 Professional (build: 19045, 64 bit) |
| Indicators: | |
| MIME: | application/vnd.microsoft.portable-executable |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections |
| MD5: | AA9609267D0C41C32CADEC2E88495FC0 |
| SHA1: | C4EA809F08A4AA5B4C2B2DD6152486EDC5755F79 |
| SHA256: | 3E33B0928077ECDB655B919DAC748287458119BCB3FCB4DBB4BA383AA6049D49 |
| SSDEEP: | 6144:Y7TLnghCQD2eAgxJp7esP5Jx5tPqDp8GBf/xyeOoTk/8SwjwpyAvEh7daDclsVNa:Yfz+geAgLpaCP6+afJyeOoEx4DxmDsR |
MALICIOUS
No malicious indicators.SUSPICIOUS
Starts itself from another location
- 1 (1230).exe (PID: 6668)
- Unicorn-31986.exe (PID: 664)
- Unicorn-63802.exe (PID: 7824)
- Unicorn-25074.exe (PID: 7924)
- Unicorn-46049.exe (PID: 7944)
- Unicorn-52593.exe (PID: 7972)
- Unicorn-27600.exe (PID: 7848)
- Unicorn-46463.exe (PID: 7964)
- Unicorn-55774.exe (PID: 8028)
- Unicorn-24446.exe (PID: 8068)
- Unicorn-63240.exe (PID: 8076)
- Unicorn-35629.exe (PID: 8116)
- Unicorn-20916.exe (PID: 8048)
- Unicorn-63086.exe (PID: 5408)
- Unicorn-2188.exe (PID: 3332)
- Unicorn-37252.exe (PID: 8124)
- Unicorn-35629.exe (PID: 8108)
- Unicorn-31280.exe (PID: 8100)
- Unicorn-13885.exe (PID: 6800)
- Unicorn-36344.exe (PID: 300)
- Unicorn-27482.exe (PID: 5380)
- Unicorn-59889.exe (PID: 5772)
- Unicorn-2785.exe (PID: 2108)
- Unicorn-31566.exe (PID: 4724)
- Unicorn-45856.exe (PID: 1228)
- Unicorn-32120.exe (PID: 1184)
- Unicorn-43056.exe (PID: 1056)
- Unicorn-32120.exe (PID: 6644)
- Unicorn-16190.exe (PID: 3100)
- Unicorn-45333.exe (PID: 5800)
- Unicorn-46677.exe (PID: 672)
- Unicorn-46677.exe (PID: 2284)
- Unicorn-5089.exe (PID: 4880)
- Unicorn-27547.exe (PID: 1312)
- Unicorn-33486.exe (PID: 7188)
- Unicorn-42208.exe (PID: 7320)
- Unicorn-53714.exe (PID: 7576)
- Unicorn-53906.exe (PID: 7200)
- Unicorn-33029.exe (PID: 7416)
- Unicorn-5857.exe (PID: 7408)
- Unicorn-59142.exe (PID: 6640)
- Unicorn-11700.exe (PID: 6712)
- Unicorn-10496.exe (PID: 7412)
- Unicorn-3811.exe (PID: 7380)
- Unicorn-59889.exe (PID: 5244)
- Unicorn-14025.exe (PID: 7500)
- Unicorn-46677.exe (PID: 6620)
- Unicorn-1581.exe (PID: 5116)
- Unicorn-26086.exe (PID: 7708)
- Unicorn-58188.exe (PID: 7744)
- Unicorn-34254.exe (PID: 7808)
- Unicorn-56712.exe (PID: 7788)
- Unicorn-42614.exe (PID: 1272)
- Unicorn-26086.exe (PID: 7628)
- Unicorn-28123.exe (PID: 7584)
- Unicorn-62577.exe (PID: 7484)
- Unicorn-40318.exe (PID: 7532)
- Unicorn-62073.exe (PID: 7784)
- Unicorn-10304.exe (PID: 7772)
- Unicorn-8008.exe (PID: 7648)
- Unicorn-24859.exe (PID: 6108)
- Unicorn-43233.exe (PID: 5048)
- Unicorn-55376.exe (PID: 7912)
- Unicorn-27298.exe (PID: 6676)
- Unicorn-27298.exe (PID: 632)
- Unicorn-27298.exe (PID: 7904)
- Unicorn-17851.exe (PID: 7684)
- Unicorn-20208.exe (PID: 4464)
- Unicorn-55376.exe (PID: 2240)
- Unicorn-55376.exe (PID: 2420)
- Unicorn-12668.exe (PID: 7732)
- Unicorn-55969.exe (PID: 7148)
- Unicorn-41640.exe (PID: 2772)
- Unicorn-61506.exe (PID: 1040)
- Unicorn-3945.exe (PID: 1240)
- Unicorn-37770.exe (PID: 7952)
- Unicorn-41470.exe (PID: 7152)
- Unicorn-57806.exe (PID: 8024)
- Unicorn-46493.exe (PID: 7764)
- Unicorn-44600.exe (PID: 6044)
- Unicorn-61698.exe (PID: 4696)
- Unicorn-10451.exe (PID: 2644)
- Unicorn-5076.exe (PID: 7012)
- Unicorn-26094.exe (PID: 8196)
- Unicorn-34262.exe (PID: 8212)
- Unicorn-6036.exe (PID: 8232)
- Unicorn-18288.exe (PID: 8272)
- Unicorn-9373.exe (PID: 8316)
- Unicorn-46130.exe (PID: 8364)
- Unicorn-44084.exe (PID: 8332)
Executable content was dropped or overwritten
- 1 (1230).exe (PID: 6668)
- Unicorn-31986.exe (PID: 664)
- Unicorn-63802.exe (PID: 7824)
- Unicorn-25074.exe (PID: 7924)
- Unicorn-46049.exe (PID: 7944)
- Unicorn-46463.exe (PID: 7964)
- Unicorn-27600.exe (PID: 7848)
- Unicorn-55774.exe (PID: 8028)
- Unicorn-20916.exe (PID: 8048)
- Unicorn-24446.exe (PID: 8068)
- Unicorn-52593.exe (PID: 7972)
- Unicorn-63240.exe (PID: 8076)
- Unicorn-31280.exe (PID: 8100)
- Unicorn-63086.exe (PID: 5408)
- Unicorn-2188.exe (PID: 3332)
- Unicorn-37252.exe (PID: 8124)
- Unicorn-13885.exe (PID: 6800)
- Unicorn-36344.exe (PID: 300)
- Unicorn-27482.exe (PID: 5380)
- Unicorn-59889.exe (PID: 5772)
- Unicorn-2785.exe (PID: 2108)
- Unicorn-31566.exe (PID: 4724)
- Unicorn-11700.exe (PID: 6712)
- Unicorn-35629.exe (PID: 8116)
- Unicorn-45856.exe (PID: 1228)
- Unicorn-32120.exe (PID: 1184)
- Unicorn-32120.exe (PID: 6644)
- Unicorn-16190.exe (PID: 3100)
- Unicorn-45333.exe (PID: 5800)
- Unicorn-46677.exe (PID: 6620)
- Unicorn-35629.exe (PID: 8108)
- Unicorn-27547.exe (PID: 1312)
- Unicorn-33486.exe (PID: 7188)
- Unicorn-42208.exe (PID: 7320)
- Unicorn-53906.exe (PID: 7200)
- Unicorn-53714.exe (PID: 7576)
- Unicorn-33029.exe (PID: 7416)
- Unicorn-59142.exe (PID: 6640)
- Unicorn-5857.exe (PID: 7408)
- Unicorn-10496.exe (PID: 7412)
- Unicorn-3811.exe (PID: 7380)
- Unicorn-59889.exe (PID: 5244)
- Unicorn-14025.exe (PID: 7500)
- Unicorn-1581.exe (PID: 5116)
- Unicorn-34254.exe (PID: 7808)
- Unicorn-62577.exe (PID: 7484)
- Unicorn-42614.exe (PID: 1272)
- Unicorn-26086.exe (PID: 7628)
- Unicorn-43056.exe (PID: 1056)
- Unicorn-62073.exe (PID: 7784)
- Unicorn-28123.exe (PID: 7584)
- Unicorn-10304.exe (PID: 7772)
- Unicorn-40318.exe (PID: 7532)
- Unicorn-43233.exe (PID: 5048)
- Unicorn-24859.exe (PID: 6108)
- Unicorn-8008.exe (PID: 7648)
- Unicorn-55376.exe (PID: 7912)
- Unicorn-27298.exe (PID: 6676)
- Unicorn-27298.exe (PID: 632)
- Unicorn-46677.exe (PID: 672)
- Unicorn-17851.exe (PID: 7684)
- Unicorn-27298.exe (PID: 7904)
- Unicorn-55376.exe (PID: 2240)
- Unicorn-46677.exe (PID: 2284)
- Unicorn-5089.exe (PID: 4880)
- Unicorn-55969.exe (PID: 7148)
- Unicorn-55376.exe (PID: 2420)
- Unicorn-12668.exe (PID: 7732)
- Unicorn-41640.exe (PID: 2772)
- Unicorn-3945.exe (PID: 1240)
- Unicorn-61506.exe (PID: 1040)
- Unicorn-37770.exe (PID: 7952)
- Unicorn-41470.exe (PID: 7152)
- Unicorn-5076.exe (PID: 7012)
- Unicorn-46493.exe (PID: 7764)
- Unicorn-44600.exe (PID: 6044)
- Unicorn-10451.exe (PID: 2644)
- Unicorn-61698.exe (PID: 4696)
- Unicorn-26094.exe (PID: 8196)
- Unicorn-34262.exe (PID: 8212)
- Unicorn-38154.exe (PID: 8280)
- Unicorn-58188.exe (PID: 7744)
- Unicorn-6036.exe (PID: 8232)
- Unicorn-20208.exe (PID: 4464)
- Unicorn-18288.exe (PID: 8272)
- Unicorn-46130.exe (PID: 8364)
- Unicorn-44084.exe (PID: 8332)
- Unicorn-26086.exe (PID: 7708)
- Unicorn-5652.exe (PID: 8392)
- Unicorn-39114.exe (PID: 8484)
- Unicorn-14609.exe (PID: 8440)
- Unicorn-39114.exe (PID: 8500)
- Unicorn-14344.exe (PID: 8432)
- Unicorn-9373.exe (PID: 8316)
- Unicorn-39114.exe (PID: 8488)
- Unicorn-51921.exe (PID: 8512)
- Unicorn-22394.exe (PID: 8576)
- Unicorn-47837.exe (PID: 8548)
- Unicorn-49913.exe (PID: 8712)
- Unicorn-50982.exe (PID: 8640)
- Unicorn-55066.exe (PID: 8632)
- Unicorn-14225.exe (PID: 8616)
- Unicorn-22948.exe (PID: 8692)
- Unicorn-14225.exe (PID: 8608)
- Unicorn-26860.exe (PID: 8740)
- Unicorn-59705.exe (PID: 8720)
- Unicorn-64578.exe (PID: 8732)
- Unicorn-56712.exe (PID: 7788)
- Unicorn-35227.exe (PID: 8776)
- Unicorn-6944.exe (PID: 8812)
- Unicorn-34214.exe (PID: 8844)
- Unicorn-57806.exe (PID: 8024)
- Unicorn-10869.exe (PID: 8860)
- Unicorn-31391.exe (PID: 8804)
- Unicorn-47950.exe (PID: 8868)
- Unicorn-32290.exe (PID: 8916)
- Unicorn-33141.exe (PID: 9016)
- Unicorn-40266.exe (PID: 8956)
- Unicorn-51780.exe (PID: 9044)
- Unicorn-41574.exe (PID: 9008)
- Unicorn-31906.exe (PID: 8972)
- Unicorn-41012.exe (PID: 8932)
INFO
Checks supported languages
- Unicorn-31986.exe (PID: 664)
- 1 (1230).exe (PID: 6668)
- Unicorn-63802.exe (PID: 7824)
- Unicorn-27600.exe (PID: 7848)
- Unicorn-46049.exe (PID: 7944)
- Unicorn-25074.exe (PID: 7924)
- Unicorn-46463.exe (PID: 7964)
- Unicorn-52593.exe (PID: 7972)
- Unicorn-20916.exe (PID: 8048)
- Unicorn-55774.exe (PID: 8028)
- Unicorn-63240.exe (PID: 8076)
- Unicorn-31280.exe (PID: 8100)
- Unicorn-35629.exe (PID: 8116)
- Unicorn-37252.exe (PID: 8124)
- Unicorn-63086.exe (PID: 5408)
- Unicorn-35629.exe (PID: 8108)
- Unicorn-11700.exe (PID: 6712)
- Unicorn-2785.exe (PID: 2108)
- Unicorn-31566.exe (PID: 4724)
- Unicorn-32120.exe (PID: 1184)
- Unicorn-32120.exe (PID: 6644)
- Unicorn-36344.exe (PID: 300)
- Unicorn-16190.exe (PID: 3100)
- Unicorn-5089.exe (PID: 4880)
- Unicorn-46677.exe (PID: 672)
- Unicorn-42208.exe (PID: 7320)
- Unicorn-33486.exe (PID: 7188)
- Unicorn-33029.exe (PID: 7416)
- Unicorn-53906.exe (PID: 7200)
- Unicorn-14025.exe (PID: 7500)
- Unicorn-3811.exe (PID: 7380)
- Unicorn-53714.exe (PID: 7576)
- Unicorn-59889.exe (PID: 5244)
- Unicorn-5857.exe (PID: 7408)
- Unicorn-59142.exe (PID: 6640)
- Unicorn-1581.exe (PID: 5116)
- Unicorn-62073.exe (PID: 7784)
- Unicorn-26086.exe (PID: 7628)
- Unicorn-26086.exe (PID: 7708)
- Unicorn-56712.exe (PID: 7788)
- Unicorn-28123.exe (PID: 7584)
- Unicorn-42614.exe (PID: 1272)
- Unicorn-58188.exe (PID: 7744)
- Unicorn-40318.exe (PID: 7532)
- Unicorn-43233.exe (PID: 5048)
- Unicorn-41640.exe (PID: 2772)
- Unicorn-27298.exe (PID: 7904)
- Unicorn-27298.exe (PID: 6676)
- Unicorn-55376.exe (PID: 2420)
- Unicorn-55376.exe (PID: 2240)
- Unicorn-20208.exe (PID: 4464)
- Unicorn-61506.exe (PID: 1040)
- Unicorn-3945.exe (PID: 1240)
- Unicorn-27298.exe (PID: 632)
- Unicorn-37770.exe (PID: 7952)
- Unicorn-57806.exe (PID: 8024)
- Unicorn-5076.exe (PID: 7012)
- Unicorn-12668.exe (PID: 7732)
- Unicorn-61698.exe (PID: 4696)
- Unicorn-10451.exe (PID: 2644)
- Unicorn-26094.exe (PID: 8196)
- Unicorn-6036.exe (PID: 8232)
- Unicorn-38154.exe (PID: 8280)
- Unicorn-18288.exe (PID: 8272)
- Unicorn-9373.exe (PID: 8316)
- Unicorn-46130.exe (PID: 8364)
- Unicorn-14609.exe (PID: 8440)
- Unicorn-14344.exe (PID: 8432)
- Unicorn-51921.exe (PID: 8512)
- Unicorn-22394.exe (PID: 8576)
- Unicorn-50982.exe (PID: 8640)
- Unicorn-14225.exe (PID: 8616)
- Unicorn-14225.exe (PID: 8608)
- Unicorn-22948.exe (PID: 8692)
- Unicorn-35227.exe (PID: 8776)
- Unicorn-31391.exe (PID: 8804)
- Unicorn-10869.exe (PID: 8860)
- Unicorn-6944.exe (PID: 8812)
- Unicorn-47950.exe (PID: 8868)
- Unicorn-32290.exe (PID: 8916)
- Unicorn-41012.exe (PID: 8932)
- Unicorn-40266.exe (PID: 8956)
- Unicorn-31906.exe (PID: 8972)
- Unicorn-41574.exe (PID: 9008)
- Unicorn-33141.exe (PID: 9016)
- Unicorn-51780.exe (PID: 9044)
- Unicorn-49669.exe (PID: 4200)
- Unicorn-10245.exe (PID: 1760)
- Unicorn-21324.exe (PID: 9088)
- Unicorn-16302.exe (PID: 9120)
- Unicorn-59254.exe (PID: 7612)
- Unicorn-43472.exe (PID: 7604)
- Unicorn-46618.exe (PID: 8300)
- Unicorn-17838.exe (PID: 8832)
- Unicorn-8418.exe (PID: 9292)
- Unicorn-17838.exe (PID: 8800)
- Unicorn-39004.exe (PID: 4152)
- Unicorn-58870.exe (PID: 732)
- Unicorn-64106.exe (PID: 9276)
- Unicorn-4714.exe (PID: 9340)
- Unicorn-46684.exe (PID: 9456)
- Unicorn-35134.exe (PID: 9376)
- Unicorn-56798.exe (PID: 9496)
- Unicorn-51205.exe (PID: 9392)
- Unicorn-19352.exe (PID: 9368)
- Unicorn-2269.exe (PID: 9424)
- Unicorn-3976.exe (PID: 9520)
- Unicorn-22559.exe (PID: 9308)
- Unicorn-63613.exe (PID: 9548)
- Unicorn-4661.exe (PID: 9592)
- Unicorn-26665.exe (PID: 9576)
- Unicorn-5542.exe (PID: 9612)
- Unicorn-53753.exe (PID: 9720)
- Unicorn-33930.exe (PID: 9780)
- Unicorn-45222.exe (PID: 9632)
- Unicorn-20526.exe (PID: 9652)
- Unicorn-20526.exe (PID: 9660)
- Unicorn-61921.exe (PID: 9700)
- Unicorn-1951.exe (PID: 9728)
- Unicorn-12502.exe (PID: 9916)
- Unicorn-7225.exe (PID: 10020)
- Unicorn-64957.exe (PID: 10052)
- Unicorn-13125.exe (PID: 9812)
- Unicorn-60608.exe (PID: 9876)
- Unicorn-43472.exe (PID: 5588)
- Unicorn-39191.exe (PID: 10076)
- Unicorn-7671.exe (PID: 10160)
- Unicorn-21406.exe (PID: 10152)
- Unicorn-65070.exe (PID: 10212)
- Unicorn-57749.exe (PID: 10184)
- Unicorn-51335.exe (PID: 10224)
- Unicorn-46182.exe (PID: 7668)
- Unicorn-62601.exe (PID: 744)
- Unicorn-58657.exe (PID: 10464)
- Unicorn-48403.exe (PID: 6208)
- Unicorn-62601.exe (PID: 10256)
- Unicorn-21403.exe (PID: 10352)
- Unicorn-21933.exe (PID: 10384)
- Unicorn-10468.exe (PID: 10392)
- Unicorn-52792.exe (PID: 10412)
- Unicorn-48019.exe (PID: 10324)
- Unicorn-25547.exe (PID: 10828)
- Unicorn-25547.exe (PID: 10836)
- Unicorn-24203.exe (PID: 10376)
- Unicorn-28991.exe (PID: 10452)
- Unicorn-41444.exe (PID: 10652)
- Unicorn-381.exe (PID: 10776)
- Unicorn-5829.exe (PID: 10784)
- Unicorn-1423.exe (PID: 10672)
- Unicorn-25547.exe (PID: 10844)
- Unicorn-64713.exe (PID: 10880)
- Unicorn-24470.exe (PID: 10920)
- Unicorn-15155.exe (PID: 10996)
- Unicorn-64541.exe (PID: 10912)
- Unicorn-53613.exe (PID: 10952)
- Unicorn-15755.exe (PID: 11236)
- Unicorn-30608.exe (PID: 11248)
- Unicorn-46753.exe (PID: 8996)
- Unicorn-56758.exe (PID: 11016)
- Unicorn-29456.exe (PID: 11132)
- Unicorn-25372.exe (PID: 11140)
- Unicorn-14795.exe (PID: 11088)
- Unicorn-1060.exe (PID: 11080)
- Unicorn-26663.exe (PID: 11176)
- Unicorn-12928.exe (PID: 11184)
- Unicorn-4403.exe (PID: 4692)
- Unicorn-27322.exe (PID: 11504)
- Unicorn-62077.exe (PID: 6516)
- Unicorn-42476.exe (PID: 6572)
- Unicorn-46006.exe (PID: 11276)
- Unicorn-39684.exe (PID: 11352)
- Unicorn-20607.exe (PID: 11384)
- Unicorn-31184.exe (PID: 11460)
- Unicorn-63857.exe (PID: 11484)
- Unicorn-11532.exe (PID: 11548)
- Unicorn-45436.exe (PID: 1116)
- Unicorn-17972.exe (PID: 4400)
- Unicorn-41604.exe (PID: 11628)
- Unicorn-36210.exe (PID: 11720)
- Unicorn-27676.exe (PID: 11672)
- Unicorn-24744.exe (PID: 11728)
- Unicorn-36228.exe (PID: 11556)
- Unicorn-27213.exe (PID: 11588)
- Unicorn-47734.exe (PID: 11612)
The sample compiled with chinese language support
- 1 (1230).exe (PID: 6668)
Reads the computer name
- 1 (1230).exe (PID: 6668)
- Unicorn-31986.exe (PID: 664)
- Unicorn-27600.exe (PID: 7848)
- Unicorn-63802.exe (PID: 7824)
- Unicorn-46049.exe (PID: 7944)
- Unicorn-25074.exe (PID: 7924)
- Unicorn-52593.exe (PID: 7972)
- Unicorn-46463.exe (PID: 7964)
- Unicorn-55774.exe (PID: 8028)
- Unicorn-31280.exe (PID: 8100)
- Unicorn-35629.exe (PID: 8108)
- Unicorn-37252.exe (PID: 8124)
- Unicorn-63086.exe (PID: 5408)
- Unicorn-24446.exe (PID: 8068)
- Unicorn-27482.exe (PID: 5380)
- Unicorn-31566.exe (PID: 4724)
- Unicorn-32120.exe (PID: 6644)
- Unicorn-45856.exe (PID: 1228)
- Unicorn-45333.exe (PID: 5800)
- Unicorn-59889.exe (PID: 5772)
- Unicorn-2785.exe (PID: 2108)
- Unicorn-46677.exe (PID: 6620)
- Unicorn-5089.exe (PID: 4880)
- Unicorn-46677.exe (PID: 2284)
- Unicorn-27547.exe (PID: 1312)
- Unicorn-33486.exe (PID: 7188)
- Unicorn-53906.exe (PID: 7200)
- Unicorn-33029.exe (PID: 7416)
- Unicorn-5857.exe (PID: 7408)
- Unicorn-59889.exe (PID: 5244)
- Unicorn-59142.exe (PID: 6640)
- Unicorn-10496.exe (PID: 7412)
- Unicorn-3811.exe (PID: 7380)
- Unicorn-42208.exe (PID: 7320)
- Unicorn-1581.exe (PID: 5116)
- Unicorn-34254.exe (PID: 7808)
- Unicorn-62577.exe (PID: 7484)
- Unicorn-62073.exe (PID: 7784)
- Unicorn-56712.exe (PID: 7788)
- Unicorn-40318.exe (PID: 7532)
- Unicorn-24859.exe (PID: 6108)
- Unicorn-43233.exe (PID: 5048)
- Unicorn-55376.exe (PID: 7912)
- Unicorn-27298.exe (PID: 6676)
- Unicorn-27298.exe (PID: 632)
- Unicorn-55376.exe (PID: 2420)
- Unicorn-17851.exe (PID: 7684)
- Unicorn-55969.exe (PID: 7148)
- Unicorn-55376.exe (PID: 2240)
- Unicorn-41640.exe (PID: 2772)
- Unicorn-41470.exe (PID: 7152)
- Unicorn-57806.exe (PID: 8024)
- Unicorn-12668.exe (PID: 7732)
- Unicorn-61698.exe (PID: 4696)
- Unicorn-26094.exe (PID: 8196)
- Unicorn-6036.exe (PID: 8232)
- Unicorn-46130.exe (PID: 8364)
- Unicorn-9373.exe (PID: 8316)
- Unicorn-44084.exe (PID: 8332)
Create files in a temporary directory
- Unicorn-31986.exe (PID: 664)
- 1 (1230).exe (PID: 6668)
- Unicorn-63802.exe (PID: 7824)
- Unicorn-46049.exe (PID: 7944)
- Unicorn-46463.exe (PID: 7964)
- Unicorn-27600.exe (PID: 7848)
- Unicorn-55774.exe (PID: 8028)
- Unicorn-20916.exe (PID: 8048)
- Unicorn-52593.exe (PID: 7972)
- Unicorn-24446.exe (PID: 8068)
- Unicorn-63086.exe (PID: 5408)
- Unicorn-2188.exe (PID: 3332)
- Unicorn-37252.exe (PID: 8124)
- Unicorn-25074.exe (PID: 7924)
- Unicorn-13885.exe (PID: 6800)
- Unicorn-36344.exe (PID: 300)
- Unicorn-27482.exe (PID: 5380)
- Unicorn-2785.exe (PID: 2108)
- Unicorn-31566.exe (PID: 4724)
- Unicorn-11700.exe (PID: 6712)
- Unicorn-35629.exe (PID: 8116)
- Unicorn-32120.exe (PID: 1184)
- Unicorn-45856.exe (PID: 1228)
- Unicorn-27547.exe (PID: 1312)
- Unicorn-33486.exe (PID: 7188)
- Unicorn-35629.exe (PID: 8108)
- Unicorn-42208.exe (PID: 7320)
- Unicorn-33029.exe (PID: 7416)
- Unicorn-53714.exe (PID: 7576)
- Unicorn-59889.exe (PID: 5244)
- Unicorn-3811.exe (PID: 7380)
- Unicorn-46677.exe (PID: 6620)
- Unicorn-59889.exe (PID: 5772)
- Unicorn-62577.exe (PID: 7484)
- Unicorn-63240.exe (PID: 8076)
- Unicorn-26086.exe (PID: 7628)
- Unicorn-42614.exe (PID: 1272)
- Unicorn-62073.exe (PID: 7784)
- Unicorn-43056.exe (PID: 1056)
- Unicorn-40318.exe (PID: 7532)
- Unicorn-32120.exe (PID: 6644)
- Unicorn-16190.exe (PID: 3100)
- Unicorn-24859.exe (PID: 6108)
- Unicorn-45333.exe (PID: 5800)
- Unicorn-43233.exe (PID: 5048)
- Unicorn-55376.exe (PID: 7912)
- Unicorn-27298.exe (PID: 632)
- Unicorn-55376.exe (PID: 2240)
- Unicorn-46677.exe (PID: 672)
- Unicorn-55969.exe (PID: 7148)
- Unicorn-17851.exe (PID: 7684)
- Unicorn-3945.exe (PID: 1240)
- Unicorn-12668.exe (PID: 7732)
- Unicorn-46677.exe (PID: 2284)
- Unicorn-41640.exe (PID: 2772)
- Unicorn-61506.exe (PID: 1040)
- Unicorn-37770.exe (PID: 7952)
- Unicorn-31280.exe (PID: 8100)
- Unicorn-41470.exe (PID: 7152)
- Unicorn-5076.exe (PID: 7012)
- Unicorn-46493.exe (PID: 7764)
- Unicorn-44600.exe (PID: 6044)
- Unicorn-61698.exe (PID: 4696)
- Unicorn-10451.exe (PID: 2644)
- Unicorn-59142.exe (PID: 6640)
- Unicorn-5857.exe (PID: 7408)
- Unicorn-10496.exe (PID: 7412)
- Unicorn-14025.exe (PID: 7500)
- Unicorn-1581.exe (PID: 5116)
- Unicorn-28123.exe (PID: 7584)
- Unicorn-10304.exe (PID: 7772)
- Unicorn-34262.exe (PID: 8212)
- Unicorn-8008.exe (PID: 7648)
- Unicorn-38154.exe (PID: 8280)
- Unicorn-27298.exe (PID: 6676)
- Unicorn-55376.exe (PID: 2420)
- Unicorn-6036.exe (PID: 8232)
- Unicorn-27298.exe (PID: 7904)
- Unicorn-5089.exe (PID: 4880)
- Unicorn-53906.exe (PID: 7200)
- Unicorn-9373.exe (PID: 8316)
- Unicorn-46130.exe (PID: 8364)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Win32 Executable Microsoft Visual Basic 6 (90.6) |
|---|---|---|
| .exe | | | Win32 Executable (generic) (4.9) |
| .exe | | | Generic Win/DOS Executable (2.2) |
| .exe | | | DOS Executable Generic (2.2) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2019:01:19 13:34:56+00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 6 |
| CodeSize: | 176128 |
| InitializedDataSize: | 299008 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x13d4 |
| OSVersion: | 4 |
| ImageVersion: | 1 |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 1.0.0.0 |
| ProductVersionNumber: | 1.0.0.0 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | Chinese (Simplified) |
| CharacterSet: | Unicode |
| CompanyName: | UEFI |
| ProductName: | Kawaii-Unicorn |
| FileVersion: | 1 |
| ProductVersion: | 1 |
| InternalName: | Kawaii-Unicorn |
| OriginalFileName: | Kawaii-Unicorn.exe |
Total processes
392
Monitored processes
259
Malicious processes
41
Suspicious processes
41
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 300 | C:\Users\admin\AppData\Local\Temp\Unicorn-36344.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-36344.exe | Unicorn-63802.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 496 | C:\Users\admin\AppData\Local\Temp\Unicorn-64276.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-64276.exe | — | Unicorn-59889.exe | |||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 632 | C:\Users\admin\AppData\Local\Temp\Unicorn-27298.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-27298.exe | Unicorn-5089.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 664 | C:\Users\admin\AppData\Local\Temp\Unicorn-31986.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-31986.exe | 1 (1230).exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 672 | C:\Users\admin\AppData\Local\Temp\Unicorn-46677.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-46677.exe | Unicorn-35629.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 732 | C:\Users\admin\AppData\Local\Temp\Unicorn-58870.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-58870.exe | — | Unicorn-55969.exe | |||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 744 | C:\Users\admin\AppData\Local\Temp\Unicorn-62601.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-62601.exe | — | Unicorn-42614.exe | |||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1040 | C:\Users\admin\AppData\Local\Temp\Unicorn-61506.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-61506.exe | Unicorn-27547.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1056 | C:\Users\admin\AppData\Local\Temp\Unicorn-43056.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-43056.exe | 1 (1230).exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1116 | C:\Users\admin\AppData\Local\Temp\Unicorn-45436.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-45436.exe | — | Unicorn-35629.exe | |||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
Total events
5 468
Read events
5 468
Write events
0
Delete events
0
Modification events
Executable files
652
Suspicious files
0
Text files
0
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 664 | Unicorn-31986.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-46049.exe | executable | |
MD5:18EF44BBF8C0EC32CE34E18093805FC4 | SHA256:A1F888ED0EEA9AE849E184330366052B758100823E5F0356DC00A10DCA10C28E | |||
| 7824 | Unicorn-63802.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-25074.exe | executable | |
MD5:452C26CF9EFD10DA01A719C20E4FFAD3 | SHA256:BE03A209B587C3A321F0E90830AE2ADB1D9A824A1A99F923BA6160E4BF7C1C12 | |||
| 7848 | Unicorn-27600.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-52593.exe | executable | |
MD5:FE558EBBCAFFA5ECA0AE93832AC4276E | SHA256:76EA1742D5D183D39076EE072155344F260563277FDC5A34956798E139B3F3C5 | |||
| 6668 | 1 (1230).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-27600.exe | executable | |
MD5:E11DA44E6346B2EE21BD0A1133567A12 | SHA256:F772D5C6CCCC017B4D5791B6FEDF45B726CFE7F30844176D504B7C9FE87ADDE2 | |||
| 7824 | Unicorn-63802.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-20916.exe | executable | |
MD5:352AC8A827C62C91EE9D2135918F477C | SHA256:F303CE7F2A2386A7A683422DD25DE2CB36A0A0E5231DFE6E618CFDB2E9AF7B7A | |||
| 664 | Unicorn-31986.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-63802.exe | executable | |
MD5:3750DEB9C69836437A345D60C4D3BB1A | SHA256:1B16041A6CC7D319B599A5B6CA0903B3A2C9D97BC0B43F1B6F38D5FEE206DBAA | |||
| 7848 | Unicorn-27600.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-37252.exe | executable | |
MD5:D2965E5B53A7B139242266F70601159B | SHA256:A64A24900CA3A8C5CB185089FE0B796448797A9F4020DF4FE3CCC91F3AD01D08 | |||
| 6668 | 1 (1230).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-46463.exe | executable | |
MD5:AADE84904A0CCD890B69FAA5FAC76CB4 | SHA256:E00E0548D88EE42E0A1932EE44D772F9A73784B4E88DCA0172AAAB7577D5066E | |||
| 7824 | Unicorn-63802.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-36344.exe | executable | |
MD5:801B41AAFE804515F7B803A1F8245EED | SHA256:E8317A2A47A5CF76DF7522D792D66A2EA75C99ACFAEFD2F33DC4DFD12C307314 | |||
| 7944 | Unicorn-46049.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-24446.exe | executable | |
MD5:8C025172EF42453BDB39FF4CCEC94B8B | SHA256:183888C8ACFB475320505A1BF0A470FE5884EF2D35142610846E52B705D96EE0 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
23
DNS requests
17
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
8252 | SIHClient.exe | GET | 200 | 2.23.181.156:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | — | — | whitelisted |
— | — | GET | 200 | 2.16.164.112:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
720 | backgroundTaskHost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | — | — | whitelisted |
6544 | svchost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |
8252 | SIHClient.exe | GET | 200 | 2.23.181.156:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
— | — | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
— | — | 2.16.164.112:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted |
2104 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
5496 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
3216 | svchost.exe | 20.197.71.89:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | SG | whitelisted |
6544 | svchost.exe | 20.190.160.66:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6544 | svchost.exe | 184.30.131.245:80 | ocsp.digicert.com | AKAMAI-AS | US | whitelisted |
720 | backgroundTaskHost.exe | 20.103.156.88:443 | arc.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
720 | backgroundTaskHost.exe | 184.30.131.245:80 | ocsp.digicert.com | AKAMAI-AS | US | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
google.com |
| whitelisted |
settings-win.data.microsoft.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
client.wns.windows.com |
| whitelisted |
login.live.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
arc.msn.com |
| whitelisted |
slscr.update.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
fe3cr.delivery.mp.microsoft.com |
| whitelisted |