| File name: | 1 (219) |
| Full analysis: | https://app.any.run/tasks/f36cb2b6-a352-4fc5-b763-9acb034f3588 |
| Verdict: | Malicious activity |
| Analysis date: | March 24, 2025, 15:53:51 |
| OS: | Windows 10 Professional (build: 19044, 64 bit) |
| Indicators: | |
| MIME: | application/vnd.microsoft.portable-executable |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections |
| MD5: | 4F083A0E5C12EA2EC17EB0FE3AF351F0 |
| SHA1: | F04D250E806D3A0F89A6ADE0B7212B579E660D5F |
| SHA256: | ADE538A2E2AB6E8263345354D667C0C31A5F21C723DF58791866AAC35854EB23 |
| SSDEEP: | 6144:K7mgsJWc8DWHA5iTmkeWigax5tpFWvJGBJ/x1eUA8k/8SwjwpyAvhhzHj7A0FK5a:KaVouHA5+mnFpghaJJ1eUAwx4DxmDsR |
MALICIOUS
No malicious indicators.SUSPICIOUS
Executable content was dropped or overwritten
- 1 (219).exe (PID: 6668)
- Unicorn-52948.exe (PID: 5392)
- Unicorn-63420.exe (PID: 2108)
- Unicorn-28178.exe (PID: 5204)
- Unicorn-1111.exe (PID: 6324)
- Unicorn-34530.exe (PID: 1568)
- Unicorn-28304.exe (PID: 1672)
- Unicorn-5890.exe (PID: 5868)
- Unicorn-28037.exe (PID: 2268)
- Unicorn-62512.exe (PID: 516)
- Unicorn-41708.exe (PID: 4068)
- Unicorn-46420.exe (PID: 5984)
- Unicorn-41708.exe (PID: 6872)
- Unicorn-41791.exe (PID: 4180)
- Unicorn-5506.exe (PID: 4120)
- Unicorn-16164.exe (PID: 5408)
- Unicorn-48444.exe (PID: 4464)
- Unicorn-13249.exe (PID: 5380)
- Unicorn-31459.exe (PID: 6228)
- Unicorn-53104.exe (PID: 7184)
- Unicorn-56382.exe (PID: 5596)
- Unicorn-11858.exe (PID: 4844)
- Unicorn-9056.exe (PID: 7176)
- Unicorn-27814.exe (PID: 7252)
- Unicorn-25014.exe (PID: 7260)
- Unicorn-25107.exe (PID: 5228)
- Unicorn-3773.exe (PID: 7232)
- Unicorn-35315.exe (PID: 7324)
- Unicorn-35315.exe (PID: 7340)
- Unicorn-17779.exe (PID: 7364)
- Unicorn-34529.exe (PID: 7332)
- Unicorn-33945.exe (PID: 7268)
- Unicorn-42772.exe (PID: 7476)
- Unicorn-57909.exe (PID: 7496)
- Unicorn-1054.exe (PID: 7504)
- Unicorn-24116.exe (PID: 7532)
- Unicorn-7857.exe (PID: 7212)
- Unicorn-63083.exe (PID: 7548)
- Unicorn-23888.exe (PID: 7680)
- Unicorn-24826.exe (PID: 7580)
- Unicorn-39408.exe (PID: 7628)
- Unicorn-44692.exe (PID: 7564)
- Unicorn-46638.exe (PID: 7612)
- Unicorn-25455.exe (PID: 7604)
- Unicorn-13180.exe (PID: 7620)
- Unicorn-56844.exe (PID: 7712)
- Unicorn-31034.exe (PID: 7808)
- Unicorn-46638.exe (PID: 7596)
- Unicorn-30903.exe (PID: 7888)
- Unicorn-43108.exe (PID: 7744)
- Unicorn-43239.exe (PID: 7704)
- Unicorn-32907.exe (PID: 7768)
- Unicorn-13249.exe (PID: 5576)
- Unicorn-63851.exe (PID: 7736)
- Unicorn-33945.exe (PID: 7276)
- Unicorn-18459.exe (PID: 7776)
- Unicorn-21925.exe (PID: 4988)
- Unicorn-30903.exe (PID: 7880)
- Unicorn-8667.exe (PID: 7792)
- Unicorn-20405.exe (PID: 7828)
- Unicorn-48738.exe (PID: 7800)
- Unicorn-39155.exe (PID: 7696)
- Unicorn-55538.exe (PID: 8080)
- Unicorn-19851.exe (PID: 7756)
- Unicorn-29450.exe (PID: 8116)
- Unicorn-10265.exe (PID: 4620)
- Unicorn-13327.exe (PID: 4112)
- Unicorn-32103.exe (PID: 7848)
- Unicorn-22464.exe (PID: 6964)
- Unicorn-55320.exe (PID: 472)
- Unicorn-30301.exe (PID: 6972)
- Unicorn-11940.exe (PID: 4652)
- Unicorn-9140.exe (PID: 4228)
- Unicorn-26924.exe (PID: 1912)
- Unicorn-35388.exe (PID: 8308)
- Unicorn-25536.exe (PID: 8196)
- Unicorn-61646.exe (PID: 8336)
- Unicorn-37142.exe (PID: 8352)
- Unicorn-42086.exe (PID: 8384)
- Unicorn-58584.exe (PID: 8236)
- Unicorn-29257.exe (PID: 8300)
- Unicorn-57721.exe (PID: 7720)
- Unicorn-1660.exe (PID: 7936)
- Unicorn-48086.exe (PID: 8408)
- Unicorn-2414.exe (PID: 8424)
- Unicorn-16046.exe (PID: 8564)
- Unicorn-7525.exe (PID: 7920)
- Unicorn-8143.exe (PID: 8572)
- Unicorn-60338.exe (PID: 8396)
- Unicorn-35580.exe (PID: 8508)
- Unicorn-60084.exe (PID: 8480)
- Unicorn-34618.exe (PID: 8468)
- Unicorn-22534.exe (PID: 8672)
- Unicorn-17495.exe (PID: 1244)
- Unicorn-23393.exe (PID: 9008)
- Unicorn-15928.exe (PID: 8684)
- Unicorn-45647.exe (PID: 8652)
- Unicorn-56960.exe (PID: 8860)
- Unicorn-54914.exe (PID: 8804)
- Unicorn-37235.exe (PID: 8988)
- Unicorn-56960.exe (PID: 8820)
- Unicorn-56960.exe (PID: 8852)
- Unicorn-27665.exe (PID: 8708)
- Unicorn-65512.exe (PID: 8660)
- Unicorn-38325.exe (PID: 7784)
- Unicorn-35507.exe (PID: 8552)
- Unicorn-37235.exe (PID: 8996)
- Unicorn-28372.exe (PID: 8828)
- Unicorn-2798.exe (PID: 8788)
- Unicorn-27111.exe (PID: 8776)
- Unicorn-46332.exe (PID: 8836)
- Unicorn-53836.exe (PID: 9196)
- Unicorn-40624.exe (PID: 8876)
- Unicorn-59958.exe (PID: 8952)
- Unicorn-7245.exe (PID: 8768)
- Unicorn-63851.exe (PID: 7728)
- Unicorn-32456.exe (PID: 8760)
- Unicorn-38469.exe (PID: 8964)
- Unicorn-660.exe (PID: 8920)
- Unicorn-12995.exe (PID: 8928)
- Unicorn-44277.exe (PID: 8896)
- Unicorn-27111.exe (PID: 8752)
- Unicorn-7759.exe (PID: 8692)
- Unicorn-25746.exe (PID: 9024)
- Unicorn-40624.exe (PID: 8888)
- Unicorn-14811.exe (PID: 9016)
- Unicorn-53836.exe (PID: 9204)
- Unicorn-5382.exe (PID: 8904)
- Unicorn-12035.exe (PID: 8796)
- Unicorn-17080.exe (PID: 8912)
- Unicorn-40624.exe (PID: 8944)
Starts itself from another location
- 1 (219).exe (PID: 6668)
- Unicorn-52948.exe (PID: 5392)
- Unicorn-63420.exe (PID: 2108)
- Unicorn-28178.exe (PID: 5204)
- Unicorn-1111.exe (PID: 6324)
- Unicorn-34530.exe (PID: 1568)
- Unicorn-46420.exe (PID: 5984)
- Unicorn-28037.exe (PID: 2268)
- Unicorn-28304.exe (PID: 1672)
- Unicorn-5890.exe (PID: 5868)
- Unicorn-56382.exe (PID: 5596)
- Unicorn-62512.exe (PID: 516)
- Unicorn-41708.exe (PID: 4068)
- Unicorn-41708.exe (PID: 6872)
- Unicorn-5506.exe (PID: 4120)
- Unicorn-41791.exe (PID: 4180)
- Unicorn-21925.exe (PID: 4988)
- Unicorn-25107.exe (PID: 5228)
- Unicorn-48444.exe (PID: 4464)
- Unicorn-16164.exe (PID: 5408)
- Unicorn-13249.exe (PID: 5380)
- Unicorn-31459.exe (PID: 6228)
- Unicorn-53104.exe (PID: 7184)
- Unicorn-13249.exe (PID: 5576)
- Unicorn-11858.exe (PID: 4844)
- Unicorn-9056.exe (PID: 7176)
- Unicorn-33945.exe (PID: 7276)
- Unicorn-27814.exe (PID: 7252)
- Unicorn-25014.exe (PID: 7260)
- Unicorn-3773.exe (PID: 7232)
- Unicorn-35315.exe (PID: 7324)
- Unicorn-35315.exe (PID: 7340)
- Unicorn-34529.exe (PID: 7332)
- Unicorn-17779.exe (PID: 7364)
- Unicorn-33945.exe (PID: 7268)
- Unicorn-42772.exe (PID: 7476)
- Unicorn-57909.exe (PID: 7496)
- Unicorn-1054.exe (PID: 7504)
- Unicorn-24116.exe (PID: 7532)
- Unicorn-7857.exe (PID: 7212)
- Unicorn-63083.exe (PID: 7548)
- Unicorn-24826.exe (PID: 7580)
- Unicorn-39408.exe (PID: 7628)
- Unicorn-23888.exe (PID: 7680)
- Unicorn-44692.exe (PID: 7564)
- Unicorn-25455.exe (PID: 7604)
- Unicorn-56844.exe (PID: 7712)
- Unicorn-13180.exe (PID: 7620)
- Unicorn-31034.exe (PID: 7808)
- Unicorn-46638.exe (PID: 7612)
- Unicorn-46638.exe (PID: 7596)
- Unicorn-30903.exe (PID: 7888)
- Unicorn-63851.exe (PID: 7736)
- Unicorn-43239.exe (PID: 7704)
- Unicorn-43108.exe (PID: 7744)
- Unicorn-63851.exe (PID: 7728)
- Unicorn-20405.exe (PID: 7828)
- Unicorn-18459.exe (PID: 7776)
- Unicorn-48738.exe (PID: 7800)
- Unicorn-32907.exe (PID: 7768)
- Unicorn-1660.exe (PID: 7936)
- Unicorn-57721.exe (PID: 7720)
- Unicorn-39155.exe (PID: 7696)
- Unicorn-40271.exe (PID: 7840)
- Unicorn-30903.exe (PID: 7880)
- Unicorn-19851.exe (PID: 7756)
- Unicorn-7525.exe (PID: 7920)
- Unicorn-8667.exe (PID: 7792)
- Unicorn-38325.exe (PID: 7784)
- Unicorn-55538.exe (PID: 8080)
- Unicorn-13327.exe (PID: 4112)
- Unicorn-32103.exe (PID: 7848)
- Unicorn-10265.exe (PID: 4620)
- Unicorn-29450.exe (PID: 8116)
- Unicorn-22464.exe (PID: 6964)
- Unicorn-30301.exe (PID: 6972)
- Unicorn-55320.exe (PID: 472)
- Unicorn-17495.exe (PID: 1244)
- Unicorn-11940.exe (PID: 4652)
- Unicorn-26924.exe (PID: 1912)
- Unicorn-9140.exe (PID: 4228)
- Unicorn-35388.exe (PID: 8308)
- Unicorn-25536.exe (PID: 8196)
- Unicorn-61646.exe (PID: 8336)
- Unicorn-37142.exe (PID: 8352)
- Unicorn-58584.exe (PID: 8236)
- Unicorn-29257.exe (PID: 8300)
- Unicorn-42086.exe (PID: 8384)
- Unicorn-48086.exe (PID: 8408)
- Unicorn-2414.exe (PID: 8424)
- Unicorn-16046.exe (PID: 8564)
- Unicorn-60084.exe (PID: 8480)
- Unicorn-60338.exe (PID: 8396)
INFO
Checks supported languages
- Unicorn-52948.exe (PID: 5392)
- 1 (219).exe (PID: 6668)
- Unicorn-28178.exe (PID: 5204)
- Unicorn-63420.exe (PID: 2108)
- Unicorn-34530.exe (PID: 1568)
- Unicorn-28037.exe (PID: 2268)
- Unicorn-28304.exe (PID: 1672)
- Unicorn-5890.exe (PID: 5868)
- Unicorn-46420.exe (PID: 5984)
- Unicorn-41708.exe (PID: 6872)
- Unicorn-41708.exe (PID: 4068)
- Unicorn-21925.exe (PID: 4988)
- Unicorn-62512.exe (PID: 516)
- Unicorn-56382.exe (PID: 5596)
- Unicorn-13249.exe (PID: 5380)
- Unicorn-48444.exe (PID: 4464)
- Unicorn-31459.exe (PID: 6228)
- Unicorn-11858.exe (PID: 4844)
- Unicorn-7857.exe (PID: 7212)
- Unicorn-16164.exe (PID: 5408)
- Unicorn-33945.exe (PID: 7276)
- Unicorn-33945.exe (PID: 7268)
- Unicorn-35315.exe (PID: 7324)
- Unicorn-35315.exe (PID: 7340)
- Unicorn-34529.exe (PID: 7332)
- Unicorn-27814.exe (PID: 7252)
- Unicorn-25014.exe (PID: 7260)
- Unicorn-42772.exe (PID: 7476)
- Unicorn-24116.exe (PID: 7532)
- Unicorn-44692.exe (PID: 7564)
- Unicorn-24826.exe (PID: 7580)
- Unicorn-39408.exe (PID: 7628)
- Unicorn-25455.exe (PID: 7604)
- Unicorn-46638.exe (PID: 7596)
- Unicorn-56844.exe (PID: 7712)
- Unicorn-23888.exe (PID: 7680)
- Unicorn-43108.exe (PID: 7744)
- Unicorn-20405.exe (PID: 7828)
- Unicorn-57721.exe (PID: 7720)
- Unicorn-18459.exe (PID: 7776)
- Unicorn-19851.exe (PID: 7756)
- Unicorn-32907.exe (PID: 7768)
- Unicorn-63851.exe (PID: 7728)
- Unicorn-30903.exe (PID: 7880)
- Unicorn-38325.exe (PID: 7784)
- Unicorn-40271.exe (PID: 7840)
- Unicorn-8667.exe (PID: 7792)
- Unicorn-48738.exe (PID: 7800)
- Unicorn-7525.exe (PID: 7920)
- Unicorn-32103.exe (PID: 7848)
- Unicorn-13327.exe (PID: 4112)
- Unicorn-29450.exe (PID: 8116)
- Unicorn-55538.exe (PID: 8080)
- Unicorn-22464.exe (PID: 6964)
- Unicorn-17495.exe (PID: 1244)
- Unicorn-30301.exe (PID: 6972)
- Unicorn-55320.exe (PID: 472)
- Unicorn-26924.exe (PID: 1912)
- Unicorn-10265.exe (PID: 4620)
- Unicorn-25536.exe (PID: 8196)
- Unicorn-58584.exe (PID: 8236)
- Unicorn-29257.exe (PID: 8300)
- Unicorn-42086.exe (PID: 8384)
- Unicorn-34618.exe (PID: 8468)
- Unicorn-8143.exe (PID: 8572)
- Unicorn-35580.exe (PID: 8508)
- Unicorn-7759.exe (PID: 8692)
- Unicorn-65512.exe (PID: 8660)
- Unicorn-12035.exe (PID: 8796)
- Unicorn-56960.exe (PID: 8860)
- Unicorn-40624.exe (PID: 8876)
- Unicorn-37235.exe (PID: 8988)
- Unicorn-5382.exe (PID: 8904)
- Unicorn-53836.exe (PID: 9204)
- Unicorn-38469.exe (PID: 8964)
- Unicorn-14811.exe (PID: 9016)
- Unicorn-4505.exe (PID: 2332)
- Unicorn-9295.exe (PID: 9232)
- Unicorn-37369.exe (PID: 1748)
- Unicorn-58283.exe (PID: 2084)
- Unicorn-62973.exe (PID: 9224)
- Unicorn-7802.exe (PID: 9260)
- Unicorn-4065.exe (PID: 3032)
- Unicorn-16757.exe (PID: 9240)
- Unicorn-58963.exe (PID: 9352)
- Unicorn-58194.exe (PID: 9360)
- Unicorn-5403.exe (PID: 9276)
- Unicorn-59264.exe (PID: 9520)
- Unicorn-6865.exe (PID: 9344)
- Unicorn-49752.exe (PID: 9252)
- Unicorn-52694.exe (PID: 9552)
- Unicorn-59850.exe (PID: 9544)
- Unicorn-45987.exe (PID: 10052)
- Unicorn-10639.exe (PID: 9504)
- Unicorn-10374.exe (PID: 9456)
- Unicorn-46903.exe (PID: 9536)
- Unicorn-1385.exe (PID: 9648)
- Unicorn-60800.exe (PID: 9680)
- Unicorn-41659.exe (PID: 10180)
- Unicorn-17420.exe (PID: 8148)
- Unicorn-45716.exe (PID: 3888)
- Unicorn-54904.exe (PID: 3396)
- Unicorn-40477.exe (PID: 456)
- Unicorn-1685.exe (PID: 10540)
- Unicorn-18842.exe (PID: 10712)
- Unicorn-56860.exe (PID: 10596)
- Unicorn-38856.exe (PID: 10560)
- Unicorn-2307.exe (PID: 10868)
- Unicorn-59111.exe (PID: 10676)
- Unicorn-21565.exe (PID: 2616)
- Unicorn-7222.exe (PID: 10288)
- Unicorn-52147.exe (PID: 10320)
- Unicorn-48726.exe (PID: 11216)
- Unicorn-57549.exe (PID: 11232)
- Unicorn-5747.exe (PID: 7492)
- Unicorn-47483.exe (PID: 11364)
- Unicorn-65198.exe (PID: 11392)
- Unicorn-13531.exe (PID: 11440)
- Unicorn-64678.exe (PID: 11516)
- Unicorn-21503.exe (PID: 10876)
- Unicorn-25120.exe (PID: 10636)
- Unicorn-1680.exe (PID: 11088)
- Unicorn-3334.exe (PID: 11128)
- Unicorn-42525.exe (PID: 11892)
- Unicorn-14674.exe (PID: 12040)
- Unicorn-35020.exe (PID: 11532)
- Unicorn-21285.exe (PID: 11612)
- Unicorn-50642.exe (PID: 11788)
The sample compiled with chinese language support
- 1 (219).exe (PID: 6668)
- Unicorn-35507.exe (PID: 8552)
- Unicorn-34530.exe (PID: 1568)
- Unicorn-16164.exe (PID: 5408)
- Unicorn-13249.exe (PID: 5380)
- Unicorn-5382.exe (PID: 8904)
- Unicorn-25107.exe (PID: 5228)
- Unicorn-60084.exe (PID: 8480)
- Unicorn-27665.exe (PID: 8708)
- Unicorn-42772.exe (PID: 7476)
- Unicorn-30301.exe (PID: 6972)
- Unicorn-35315.exe (PID: 7340)
- Unicorn-35315.exe (PID: 7324)
- Unicorn-60338.exe (PID: 8396)
- Unicorn-10265.exe (PID: 4620)
- Unicorn-44277.exe (PID: 8896)
- Unicorn-33945.exe (PID: 7268)
Reads the computer name
- 1 (219).exe (PID: 6668)
- Unicorn-52948.exe (PID: 5392)
- Unicorn-63420.exe (PID: 2108)
- Unicorn-28178.exe (PID: 5204)
- Unicorn-1111.exe (PID: 6324)
- Unicorn-34530.exe (PID: 1568)
- Unicorn-28037.exe (PID: 2268)
- Unicorn-46420.exe (PID: 5984)
- Unicorn-5890.exe (PID: 5868)
- Unicorn-28304.exe (PID: 1672)
- Unicorn-41708.exe (PID: 6872)
- Unicorn-41791.exe (PID: 4180)
- Unicorn-21925.exe (PID: 4988)
- Unicorn-62512.exe (PID: 516)
- Unicorn-41708.exe (PID: 4068)
- Unicorn-31459.exe (PID: 6228)
- Unicorn-16164.exe (PID: 5408)
- Unicorn-3773.exe (PID: 7232)
- Unicorn-35315.exe (PID: 7324)
- Unicorn-27814.exe (PID: 7252)
- Unicorn-34529.exe (PID: 7332)
- Unicorn-42772.exe (PID: 7476)
- Unicorn-57909.exe (PID: 7496)
- Unicorn-24116.exe (PID: 7532)
- Unicorn-63083.exe (PID: 7548)
- Unicorn-39408.exe (PID: 7628)
- Unicorn-31034.exe (PID: 7808)
- Unicorn-32907.exe (PID: 7768)
- Unicorn-1660.exe (PID: 7936)
- Unicorn-57721.exe (PID: 7720)
- Unicorn-40271.exe (PID: 7840)
- Unicorn-39155.exe (PID: 7696)
- Unicorn-46638.exe (PID: 7612)
- Unicorn-13327.exe (PID: 4112)
- Unicorn-30301.exe (PID: 6972)
- Unicorn-25536.exe (PID: 8196)
- Unicorn-37142.exe (PID: 8352)
- Unicorn-35388.exe (PID: 8308)
- Unicorn-60338.exe (PID: 8396)
Create files in a temporary directory
- Unicorn-28178.exe (PID: 5204)
- Unicorn-52948.exe (PID: 5392)
- 1 (219).exe (PID: 6668)
- Unicorn-34530.exe (PID: 1568)
- Unicorn-28037.exe (PID: 2268)
- Unicorn-1111.exe (PID: 6324)
- Unicorn-28304.exe (PID: 1672)
- Unicorn-63420.exe (PID: 2108)
- Unicorn-62512.exe (PID: 516)
- Unicorn-41708.exe (PID: 4068)
- Unicorn-5506.exe (PID: 4120)
- Unicorn-16164.exe (PID: 5408)
- Unicorn-13249.exe (PID: 5380)
- Unicorn-56382.exe (PID: 5596)
- Unicorn-31459.exe (PID: 6228)
- Unicorn-3773.exe (PID: 7232)
- Unicorn-11858.exe (PID: 4844)
- Unicorn-53104.exe (PID: 7184)
- Unicorn-27814.exe (PID: 7252)
- Unicorn-25014.exe (PID: 7260)
- Unicorn-25107.exe (PID: 5228)
- Unicorn-9056.exe (PID: 7176)
- Unicorn-46420.exe (PID: 5984)
- Unicorn-35315.exe (PID: 7340)
- Unicorn-17779.exe (PID: 7364)
- Unicorn-41791.exe (PID: 4180)
- Unicorn-35315.exe (PID: 7324)
- Unicorn-42772.exe (PID: 7476)
- Unicorn-48444.exe (PID: 4464)
- Unicorn-5890.exe (PID: 5868)
- Unicorn-1054.exe (PID: 7504)
- Unicorn-41708.exe (PID: 6872)
- Unicorn-63083.exe (PID: 7548)
- Unicorn-7857.exe (PID: 7212)
- Unicorn-39408.exe (PID: 7628)
- Unicorn-23888.exe (PID: 7680)
- Unicorn-24826.exe (PID: 7580)
- Unicorn-13180.exe (PID: 7620)
- Unicorn-46638.exe (PID: 7596)
- Unicorn-31034.exe (PID: 7808)
- Unicorn-30903.exe (PID: 7888)
- Unicorn-63851.exe (PID: 7736)
- Unicorn-13249.exe (PID: 5576)
- Unicorn-43239.exe (PID: 7704)
- Unicorn-43108.exe (PID: 7744)
- Unicorn-20405.exe (PID: 7828)
- Unicorn-18459.exe (PID: 7776)
- Unicorn-48738.exe (PID: 7800)
- Unicorn-33945.exe (PID: 7276)
- Unicorn-30903.exe (PID: 7880)
- Unicorn-21925.exe (PID: 4988)
- Unicorn-19851.exe (PID: 7756)
- Unicorn-55538.exe (PID: 8080)
- Unicorn-29450.exe (PID: 8116)
- Unicorn-32103.exe (PID: 7848)
- Unicorn-39155.exe (PID: 7696)
- Unicorn-34529.exe (PID: 7332)
- Unicorn-13327.exe (PID: 4112)
- Unicorn-22464.exe (PID: 6964)
- Unicorn-57909.exe (PID: 7496)
- Unicorn-17495.exe (PID: 1244)
- Unicorn-11940.exe (PID: 4652)
- Unicorn-30301.exe (PID: 6972)
- Unicorn-9140.exe (PID: 4228)
- Unicorn-26924.exe (PID: 1912)
- Unicorn-33945.exe (PID: 7268)
- Unicorn-10265.exe (PID: 4620)
- Unicorn-25536.exe (PID: 8196)
- Unicorn-61646.exe (PID: 8336)
- Unicorn-25455.exe (PID: 7604)
- Unicorn-46638.exe (PID: 7612)
- Unicorn-42086.exe (PID: 8384)
- Unicorn-44692.exe (PID: 7564)
- Unicorn-37142.exe (PID: 8352)
- Unicorn-7525.exe (PID: 7920)
- Unicorn-8667.exe (PID: 7792)
- Unicorn-40271.exe (PID: 7840)
- Unicorn-24116.exe (PID: 7532)
- Unicorn-60084.exe (PID: 8480)
- Unicorn-60338.exe (PID: 8396)
- Unicorn-16046.exe (PID: 8564)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Win32 Executable Microsoft Visual Basic 6 (90.6) |
|---|---|---|
| .exe | | | Win32 Executable (generic) (4.9) |
| .exe | | | Generic Win/DOS Executable (2.2) |
| .exe | | | DOS Executable Generic (2.2) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2019:01:20 00:32:00+00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 6 |
| CodeSize: | 176128 |
| InitializedDataSize: | 299008 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x13d4 |
| OSVersion: | 4 |
| ImageVersion: | 1 |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 1.0.0.0 |
| ProductVersionNumber: | 1.0.0.0 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | Chinese (Simplified) |
| CharacterSet: | Unicode |
| CompanyName: | UEFI |
| ProductName: | Kawaii-Unicorn |
| FileVersion: | 1 |
| ProductVersion: | 1 |
| InternalName: | Kawaii-Unicorn |
| OriginalFileName: | Kawaii-Unicorn.exe |
Total processes
399
Monitored processes
265
Malicious processes
44
Suspicious processes
38
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 456 | C:\Users\admin\AppData\Local\Temp\Unicorn-40477.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-40477.exe | — | Unicorn-34530.exe | |||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 472 | C:\Users\admin\AppData\Local\Temp\Unicorn-55320.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-55320.exe | Unicorn-24116.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 516 | C:\Users\admin\AppData\Local\Temp\Unicorn-62512.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-62512.exe | Unicorn-34530.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 720 | C:\WINDOWS\system32\SppExtComObj.exe -Embedding | C:\Windows\System32\SppExtComObj.Exe | — | svchost.exe | |||||||||||
User: NETWORK SERVICE Company: Microsoft Corporation Integrity Level: SYSTEM Description: KMS Connection Broker Version: 10.0.19041.3996 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 1244 | C:\Users\admin\AppData\Local\Temp\Unicorn-17495.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-17495.exe | Unicorn-1054.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1568 | C:\Users\admin\AppData\Local\Temp\Unicorn-34530.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-34530.exe | Unicorn-52948.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1672 | C:\Users\admin\AppData\Local\Temp\Unicorn-28304.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-28304.exe | Unicorn-1111.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1748 | C:\Users\admin\AppData\Local\Temp\Unicorn-37369.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-37369.exe | — | Unicorn-3773.exe | |||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1912 | C:\Users\admin\AppData\Local\Temp\Unicorn-26924.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-26924.exe | Unicorn-63083.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 2084 | C:\Users\admin\AppData\Local\Temp\Unicorn-58283.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-58283.exe | — | Unicorn-33945.exe | |||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
Total events
5 557
Read events
5 557
Write events
0
Delete events
0
Modification events
Executable files
628
Suspicious files
0
Text files
0
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 5392 | Unicorn-52948.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-63420.exe | executable | |
MD5:0668C822CFE144DCED4A96494F7292D2 | SHA256:8553518ABDD449412E7B63A72836939A338E301BED4870E752753ACE1179957A | |||
| 6668 | 1 (219).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-28037.exe | executable | |
MD5:EBC8670C8695848BC965800547B00095 | SHA256:D540B7686A964C97163F979DD3801D3D9F78A9B010D9144910D307892FF5B201 | |||
| 2108 | Unicorn-63420.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-1111.exe | executable | |
MD5:D73DE056C09026ED317530575CCB2CDF | SHA256:FACF4D785AD17EA679E0B5F0EB2C0A2114CF5C239595F11F32BFB2BEB67A101A | |||
| 2268 | Unicorn-28037.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-41708.exe | executable | |
MD5:152F0CE72B571243E41777E0B00E7AB3 | SHA256:318631A67857845A472F853660A4AEC1EBDB43FB0782DBAC8C61A51AD9801DC1 | |||
| 6668 | 1 (219).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-52948.exe | executable | |
MD5:7062B25546AF6FE5749D2BB7C012C923 | SHA256:CE9227ABF450B258FD7BACD72D437C08F5CE3BCCD44258F3360132A72B294E86 | |||
| 5204 | Unicorn-28178.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-5506.exe | executable | |
MD5:2467F3401E131B0330155FBC3B996131 | SHA256:FEC56A49529CBD7B9BDBAE58CDD00A5DAB321699B1AC4A116E48EC74B6D475E5 | |||
| 5392 | Unicorn-52948.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-31459.exe | executable | |
MD5:E1CF902FD9058444E04D3D587EE8F8B4 | SHA256:53A36035C82D378BEB97BD1FED5B22BCB3E09F8DF00852656A1F561334C1BBBE | |||
| 1672 | Unicorn-28304.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-41791.exe | executable | |
MD5:831E2B57AA0116F91AE9A25B7A5D9BE0 | SHA256:EE56945AA090D0E032785CFEEDB6A86380E84C406D0B9078F5C4C0421DA9556E | |||
| 6324 | Unicorn-1111.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-21925.exe | executable | |
MD5:28A4B02518918E94078E1C1062238B85 | SHA256:0C042F5E134A887C9BC3D20E9022CF6F692F757101283D5180300D14DBED4CE1 | |||
| 516 | Unicorn-62512.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-13249.exe | executable | |
MD5:F34B0F787646AD43020BDACFD8AF7B35 | SHA256:38BB997E9510DC3F553B76960D511593B56CB714D8B224648CA2256B0F774ECD | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
24
DNS requests
15
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
6544 | svchost.exe | GET | 200 | 23.54.109.203:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |
5496 | MoUsoCoreWorker.exe | GET | 200 | 23.48.23.175:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
6516 | backgroundTaskHost.exe | GET | 200 | 23.54.109.203:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | — | — | whitelisted |
8044 | SIHClient.exe | GET | 200 | 23.52.120.96:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | — | — | whitelisted |
8044 | SIHClient.exe | GET | 200 | 23.52.120.96:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
— | — | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
5496 | MoUsoCoreWorker.exe | 23.48.23.175:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
3216 | svchost.exe | 20.197.71.89:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | SG | whitelisted |
6544 | svchost.exe | 40.126.32.74:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6544 | svchost.exe | 23.54.109.203:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted |
2104 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
1244 | RUXIMICS.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6516 | backgroundTaskHost.exe | 20.31.169.57:443 | arc.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6516 | backgroundTaskHost.exe | 23.54.109.203:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
google.com |
| whitelisted |
settings-win.data.microsoft.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
client.wns.windows.com |
| whitelisted |
login.live.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
arc.msn.com |
| whitelisted |
slscr.update.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
fe3cr.delivery.mp.microsoft.com |
| whitelisted |