| File name: | 1 (1482) |
| Full analysis: | https://app.any.run/tasks/908363ea-73db-4074-9f26-9c29f092b37d |
| Verdict: | Malicious activity |
| Analysis date: | March 24, 2025, 17:12:58 |
| OS: | Windows 10 Professional (build: 19045, 64 bit) |
| Indicators: | |
| MIME: | application/vnd.microsoft.portable-executable |
| File info: | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 3 sections |
| MD5: | FF497119F744320D1A6F9C962092E170 |
| SHA1: | 5AAC83AAA199D0D7DCA174B8926031DF467EC2DF |
| SHA256: | CC6A0EF1303F2193D21489DB04400DF9AAB740F1447B00F85F6EE058F3F4E048 |
| SSDEEP: | 6144:a788f76JeDrHA5DlUpe6knfx/tBQlvJGBH/WyeOiFk/8SwjwpyAvEhlHsff+sv7a:aoa2sHA55UoDBmhaHOyeOimx4DxmDsR |
MALICIOUS
No malicious indicators.SUSPICIOUS
Starts itself from another location
- Unicorn-25022.exe (PID: 7532)
- Unicorn-22562.exe (PID: 7448)
- 1 (1482).exe (PID: 7352)
- Unicorn-50273.exe (PID: 7556)
- Unicorn-56085.exe (PID: 1672)
- Unicorn-57568.exe (PID: 7200)
- Unicorn-27518.exe (PID: 8172)
- Unicorn-14497.exe (PID: 7192)
- Unicorn-31061.exe (PID: 1276)
- Unicorn-17954.exe (PID: 1852)
- Unicorn-16994.exe (PID: 6244)
- Unicorn-26049.exe (PID: 7284)
- Unicorn-22230.exe (PID: 4208)
- Unicorn-6448.exe (PID: 7268)
- Unicorn-64139.exe (PID: 7252)
- Unicorn-58009.exe (PID: 660)
- Unicorn-15369.exe (PID: 1512)
- Unicorn-57170.exe (PID: 5776)
- Unicorn-45473.exe (PID: 900)
- Unicorn-28198.exe (PID: 5380)
- Unicorn-41196.exe (PID: 1280)
- Unicorn-61062.exe (PID: 3304)
- Unicorn-57673.exe (PID: 920)
- Unicorn-50325.exe (PID: 1184)
- Unicorn-4653.exe (PID: 1228)
- Unicorn-43640.exe (PID: 2236)
- Unicorn-12053.exe (PID: 2692)
- Unicorn-37627.exe (PID: 2600)
- Unicorn-9484.exe (PID: 5008)
- Unicorn-49770.exe (PID: 6644)
- Unicorn-39054.exe (PID: 6192)
- Unicorn-55561.exe (PID: 1628)
- Unicorn-6936.exe (PID: 5376)
- Unicorn-22451.exe (PID: 7288)
- Unicorn-32539.exe (PID: 1676)
- Unicorn-23080.exe (PID: 6808)
- Unicorn-59090.exe (PID: 5800)
- Unicorn-14741.exe (PID: 6044)
- Unicorn-55198.exe (PID: 4756)
- Unicorn-35795.exe (PID: 3888)
- Unicorn-33307.exe (PID: 5428)
- Unicorn-46836.exe (PID: 6132)
- Unicorn-27378.exe (PID: 5528)
- Unicorn-32976.exe (PID: 7616)
- Unicorn-16086.exe (PID: 7812)
- Unicorn-31270.exe (PID: 7148)
- Unicorn-55810.exe (PID: 6712)
- Unicorn-54259.exe (PID: 5360)
- Unicorn-29240.exe (PID: 1568)
- Unicorn-6219.exe (PID: 6592)
- Unicorn-37622.exe (PID: 8140)
- Unicorn-23816.exe (PID: 5228)
- Unicorn-61373.exe (PID: 8036)
- Unicorn-12308.exe (PID: 7676)
- Unicorn-1595.exe (PID: 7612)
- Unicorn-56734.exe (PID: 6676)
- Unicorn-49121.exe (PID: 8068)
- Unicorn-7725.exe (PID: 7480)
- Unicorn-40760.exe (PID: 7656)
- Unicorn-32038.exe (PID: 7920)
- Unicorn-51259.exe (PID: 1328)
- Unicorn-24254.exe (PID: 7716)
- Unicorn-9396.exe (PID: 4980)
- Unicorn-15702.exe (PID: 8028)
- Unicorn-40517.exe (PID: 7712)
- Unicorn-41851.exe (PID: 7816)
- Unicorn-37622.exe (PID: 8116)
- Unicorn-4373.exe (PID: 856)
- Unicorn-49822.exe (PID: 8536)
- Unicorn-16631.exe (PID: 8060)
- Unicorn-19314.exe (PID: 7416)
- Unicorn-23590.exe (PID: 8232)
- Unicorn-2903.exe (PID: 4164)
- Unicorn-65198.exe (PID: 8356)
- Unicorn-21212.exe (PID: 8312)
- Unicorn-37357.exe (PID: 7940)
- Unicorn-21094.exe (PID: 5024)
- Unicorn-55110.exe (PID: 8156)
- Unicorn-54688.exe (PID: 1128)
- Unicorn-51529.exe (PID: 8620)
- Unicorn-47902.exe (PID: 672)
- Unicorn-62510.exe (PID: 7876)
- Unicorn-44674.exe (PID: 8020)
- Unicorn-27098.exe (PID: 7952)
- Unicorn-49254.exe (PID: 9012)
- Unicorn-59922.exe (PID: 864)
- Unicorn-49054.exe (PID: 8412)
- Unicorn-35274.exe (PID: 8728)
- Unicorn-145.exe (PID: 9048)
Executable content was dropped or overwritten
- Unicorn-25022.exe (PID: 7532)
- Unicorn-22562.exe (PID: 7448)
- 1 (1482).exe (PID: 7352)
- Unicorn-50273.exe (PID: 7556)
- Unicorn-27518.exe (PID: 8172)
- Unicorn-56085.exe (PID: 1672)
- Unicorn-14497.exe (PID: 7192)
- Unicorn-57568.exe (PID: 7200)
- Unicorn-16994.exe (PID: 6244)
- Unicorn-31061.exe (PID: 1276)
- Unicorn-17954.exe (PID: 1852)
- Unicorn-26049.exe (PID: 7284)
- Unicorn-22230.exe (PID: 4208)
- Unicorn-58009.exe (PID: 660)
- Unicorn-6448.exe (PID: 7268)
- Unicorn-64139.exe (PID: 7252)
- Unicorn-28198.exe (PID: 5380)
- Unicorn-57170.exe (PID: 5776)
- Unicorn-22451.exe (PID: 7288)
- Unicorn-15369.exe (PID: 1512)
- Unicorn-41196.exe (PID: 1280)
- Unicorn-35795.exe (PID: 3888)
- Unicorn-50325.exe (PID: 1184)
- Unicorn-57673.exe (PID: 920)
- Unicorn-4653.exe (PID: 1228)
- Unicorn-43640.exe (PID: 2236)
- Unicorn-12053.exe (PID: 2692)
- Unicorn-37627.exe (PID: 2600)
- Unicorn-9484.exe (PID: 5008)
- Unicorn-49770.exe (PID: 6644)
- Unicorn-39054.exe (PID: 6192)
- Unicorn-6936.exe (PID: 5376)
- Unicorn-55561.exe (PID: 1628)
- Unicorn-14741.exe (PID: 6044)
- Unicorn-32539.exe (PID: 1676)
- Unicorn-59090.exe (PID: 5800)
- Unicorn-55198.exe (PID: 4756)
- Unicorn-45473.exe (PID: 900)
- Unicorn-55774.exe (PID: 1760)
- Unicorn-46836.exe (PID: 6132)
- Unicorn-33307.exe (PID: 5428)
- Unicorn-27378.exe (PID: 5528)
- Unicorn-32976.exe (PID: 7616)
- Unicorn-31270.exe (PID: 7148)
- Unicorn-55810.exe (PID: 6712)
- Unicorn-16086.exe (PID: 7812)
- Unicorn-54259.exe (PID: 5360)
- Unicorn-29240.exe (PID: 1568)
- Unicorn-6219.exe (PID: 6592)
- Unicorn-37622.exe (PID: 8140)
- Unicorn-12308.exe (PID: 7676)
- Unicorn-23816.exe (PID: 5228)
- Unicorn-61373.exe (PID: 8036)
- Unicorn-56734.exe (PID: 6676)
- Unicorn-7725.exe (PID: 7480)
- Unicorn-1595.exe (PID: 7612)
- Unicorn-49121.exe (PID: 8068)
- Unicorn-61062.exe (PID: 3304)
- Unicorn-40760.exe (PID: 7656)
- Unicorn-32038.exe (PID: 7920)
- Unicorn-51259.exe (PID: 1328)
- Unicorn-24254.exe (PID: 7716)
- Unicorn-41851.exe (PID: 7816)
- Unicorn-9396.exe (PID: 4980)
- Unicorn-15702.exe (PID: 8028)
- Unicorn-40517.exe (PID: 7712)
- Unicorn-4373.exe (PID: 856)
- Unicorn-44674.exe (PID: 8020)
- Unicorn-49822.exe (PID: 8536)
- Unicorn-16631.exe (PID: 8060)
- Unicorn-23590.exe (PID: 8232)
- Unicorn-2903.exe (PID: 4164)
- Unicorn-19314.exe (PID: 7416)
- Unicorn-58684.exe (PID: 5352)
- Unicorn-21212.exe (PID: 8312)
- Unicorn-59922.exe (PID: 864)
- Unicorn-65198.exe (PID: 8356)
- Unicorn-14056.exe (PID: 7924)
- Unicorn-21094.exe (PID: 5024)
- Unicorn-54688.exe (PID: 1128)
- Unicorn-23080.exe (PID: 6808)
- Unicorn-32591.exe (PID: 8652)
- Unicorn-51529.exe (PID: 8620)
- Unicorn-51851.exe (PID: 8608)
- Unicorn-47902.exe (PID: 672)
- Unicorn-63544.exe (PID: 8996)
- Unicorn-27098.exe (PID: 7952)
- Unicorn-49254.exe (PID: 9012)
- Unicorn-145.exe (PID: 9048)
- Unicorn-49054.exe (PID: 8412)
- Unicorn-35274.exe (PID: 8728)
Executes application which crashes
- Unicorn-10304.exe (PID: 7308)
INFO
The sample compiled with chinese language support
- 1 (1482).exe (PID: 7352)
- Unicorn-25022.exe (PID: 7532)
- Unicorn-22562.exe (PID: 7448)
- Unicorn-50273.exe (PID: 7556)
- Unicorn-56085.exe (PID: 1672)
- Unicorn-57568.exe (PID: 7200)
- Unicorn-27518.exe (PID: 8172)
- Unicorn-14497.exe (PID: 7192)
- Unicorn-17954.exe (PID: 1852)
- Unicorn-16994.exe (PID: 6244)
- Unicorn-22230.exe (PID: 4208)
- Unicorn-26049.exe (PID: 7284)
- Unicorn-6448.exe (PID: 7268)
- Unicorn-64139.exe (PID: 7252)
- Unicorn-15369.exe (PID: 1512)
- Unicorn-57170.exe (PID: 5776)
- Unicorn-22451.exe (PID: 7288)
- Unicorn-31061.exe (PID: 1276)
- Unicorn-28198.exe (PID: 5380)
- Unicorn-41196.exe (PID: 1280)
- Unicorn-35795.exe (PID: 3888)
- Unicorn-4653.exe (PID: 1228)
- Unicorn-58009.exe (PID: 660)
- Unicorn-57673.exe (PID: 920)
- Unicorn-43640.exe (PID: 2236)
- Unicorn-50325.exe (PID: 1184)
- Unicorn-37627.exe (PID: 2600)
- Unicorn-12053.exe (PID: 2692)
- Unicorn-9484.exe (PID: 5008)
- Unicorn-49770.exe (PID: 6644)
- Unicorn-39054.exe (PID: 6192)
- Unicorn-6936.exe (PID: 5376)
- Unicorn-55561.exe (PID: 1628)
- Unicorn-14741.exe (PID: 6044)
- Unicorn-32539.exe (PID: 1676)
- Unicorn-59090.exe (PID: 5800)
- Unicorn-45473.exe (PID: 900)
- Unicorn-55198.exe (PID: 4756)
- Unicorn-55774.exe (PID: 1760)
- Unicorn-46836.exe (PID: 6132)
- Unicorn-33307.exe (PID: 5428)
- Unicorn-27378.exe (PID: 5528)
- Unicorn-32976.exe (PID: 7616)
- Unicorn-16086.exe (PID: 7812)
- Unicorn-31270.exe (PID: 7148)
- Unicorn-55810.exe (PID: 6712)
- Unicorn-54259.exe (PID: 5360)
- Unicorn-29240.exe (PID: 1568)
- Unicorn-6219.exe (PID: 6592)
- Unicorn-37622.exe (PID: 8140)
- Unicorn-12308.exe (PID: 7676)
- Unicorn-23816.exe (PID: 5228)
- Unicorn-61373.exe (PID: 8036)
- Unicorn-1595.exe (PID: 7612)
- Unicorn-49121.exe (PID: 8068)
- Unicorn-61062.exe (PID: 3304)
- Unicorn-7725.exe (PID: 7480)
- Unicorn-40760.exe (PID: 7656)
- Unicorn-32038.exe (PID: 7920)
- Unicorn-51259.exe (PID: 1328)
- Unicorn-24254.exe (PID: 7716)
- Unicorn-9396.exe (PID: 4980)
- Unicorn-41851.exe (PID: 7816)
- Unicorn-15702.exe (PID: 8028)
- Unicorn-40517.exe (PID: 7712)
- Unicorn-44674.exe (PID: 8020)
- Unicorn-56734.exe (PID: 6676)
- Unicorn-49822.exe (PID: 8536)
- Unicorn-4373.exe (PID: 856)
- Unicorn-16631.exe (PID: 8060)
- Unicorn-19314.exe (PID: 7416)
- Unicorn-23590.exe (PID: 8232)
- Unicorn-2903.exe (PID: 4164)
- Unicorn-58684.exe (PID: 5352)
- Unicorn-21212.exe (PID: 8312)
- Unicorn-59922.exe (PID: 864)
- Unicorn-65198.exe (PID: 8356)
- Unicorn-23080.exe (PID: 6808)
- Unicorn-14056.exe (PID: 7924)
- Unicorn-54688.exe (PID: 1128)
- Unicorn-21094.exe (PID: 5024)
- Unicorn-32591.exe (PID: 8652)
- Unicorn-51529.exe (PID: 8620)
- Unicorn-51851.exe (PID: 8608)
- Unicorn-47902.exe (PID: 672)
- Unicorn-63544.exe (PID: 8996)
- Unicorn-27098.exe (PID: 7952)
- Unicorn-49254.exe (PID: 9012)
- Unicorn-35274.exe (PID: 8728)
- Unicorn-145.exe (PID: 9048)
- Unicorn-49054.exe (PID: 8412)
Checks supported languages
- 1 (1482).exe (PID: 7352)
- Unicorn-50273.exe (PID: 7556)
- Unicorn-25022.exe (PID: 7532)
- Unicorn-14497.exe (PID: 7192)
- Unicorn-57568.exe (PID: 7200)
- Unicorn-27518.exe (PID: 8172)
- Unicorn-56085.exe (PID: 1672)
- Unicorn-31061.exe (PID: 1276)
- Unicorn-16994.exe (PID: 6244)
- Unicorn-17954.exe (PID: 1852)
- Unicorn-26049.exe (PID: 7284)
- Unicorn-58009.exe (PID: 660)
- Unicorn-64139.exe (PID: 7252)
- Unicorn-22230.exe (PID: 4208)
- Unicorn-6448.exe (PID: 7268)
- Unicorn-45473.exe (PID: 900)
- Unicorn-57170.exe (PID: 5776)
- Unicorn-22451.exe (PID: 7288)
- Unicorn-28198.exe (PID: 5380)
- Unicorn-15369.exe (PID: 1512)
- Unicorn-61062.exe (PID: 3304)
- Unicorn-41196.exe (PID: 1280)
- Unicorn-35795.exe (PID: 3888)
- Unicorn-37627.exe (PID: 2600)
- Unicorn-4653.exe (PID: 1228)
- Unicorn-12053.exe (PID: 2692)
- Unicorn-43640.exe (PID: 2236)
- Unicorn-50325.exe (PID: 1184)
- Unicorn-57673.exe (PID: 920)
- Unicorn-9484.exe (PID: 5008)
- Unicorn-49770.exe (PID: 6644)
- Unicorn-39054.exe (PID: 6192)
- Unicorn-6936.exe (PID: 5376)
- Unicorn-14741.exe (PID: 6044)
- Unicorn-55561.exe (PID: 1628)
- Unicorn-59090.exe (PID: 5800)
- Unicorn-55810.exe (PID: 6712)
- Unicorn-32539.exe (PID: 1676)
- Unicorn-55198.exe (PID: 4756)
- Unicorn-23080.exe (PID: 6808)
- Unicorn-55774.exe (PID: 1760)
- Unicorn-33307.exe (PID: 5428)
- Unicorn-31270.exe (PID: 7148)
- Unicorn-46836.exe (PID: 6132)
- Unicorn-27378.exe (PID: 5528)
- Unicorn-1595.exe (PID: 7612)
- Unicorn-7725.exe (PID: 7480)
- Unicorn-16086.exe (PID: 7812)
- Unicorn-32976.exe (PID: 7616)
- Unicorn-24254.exe (PID: 7716)
- Unicorn-12308.exe (PID: 7676)
- Unicorn-40517.exe (PID: 7712)
- Unicorn-40760.exe (PID: 7656)
- Unicorn-32038.exe (PID: 7920)
- Unicorn-29240.exe (PID: 1568)
- Unicorn-54259.exe (PID: 5360)
- Unicorn-56734.exe (PID: 6676)
- Unicorn-61373.exe (PID: 8036)
- Unicorn-6219.exe (PID: 6592)
- Unicorn-49121.exe (PID: 8068)
- Unicorn-51259.exe (PID: 1328)
- Unicorn-54688.exe (PID: 1128)
- Unicorn-15702.exe (PID: 8028)
- Unicorn-23816.exe (PID: 5228)
- Unicorn-4373.exe (PID: 856)
- Unicorn-9396.exe (PID: 4980)
- Unicorn-62510.exe (PID: 7876)
- Unicorn-21094.exe (PID: 5024)
- Unicorn-41851.exe (PID: 7816)
- Unicorn-37622.exe (PID: 8140)
- Unicorn-37357.exe (PID: 7940)
- Unicorn-37622.exe (PID: 8116)
- Unicorn-2903.exe (PID: 4164)
- Unicorn-14056.exe (PID: 7924)
- Unicorn-16631.exe (PID: 8060)
- Unicorn-53958.exe (PID: 7928)
- Unicorn-55110.exe (PID: 8156)
- Unicorn-51773.exe (PID: 7172)
- Unicorn-6101.exe (PID: 8048)
- Unicorn-5504.exe (PID: 1912)
- Unicorn-46750.exe (PID: 4008)
- Unicorn-13864.exe (PID: 8160)
- Unicorn-19314.exe (PID: 7416)
- Unicorn-44674.exe (PID: 8020)
- Unicorn-59922.exe (PID: 864)
- Unicorn-19122.exe (PID: 5056)
- Unicorn-28612.exe (PID: 6668)
- Unicorn-58684.exe (PID: 5352)
- Unicorn-27098.exe (PID: 7952)
- Unicorn-54150.exe (PID: 6004)
- Unicorn-23590.exe (PID: 8232)
- Unicorn-10304.exe (PID: 7308)
- Unicorn-57414.exe (PID: 8280)
- Unicorn-31758.exe (PID: 8248)
- Unicorn-47902.exe (PID: 672)
- Unicorn-813.exe (PID: 8424)
- Unicorn-9365.exe (PID: 8444)
- Unicorn-34947.exe (PID: 8304)
- Unicorn-21212.exe (PID: 8312)
- Unicorn-36921.exe (PID: 8340)
- Unicorn-65198.exe (PID: 8356)
- Unicorn-14653.exe (PID: 7828)
- Unicorn-49054.exe (PID: 8412)
- Unicorn-50782.exe (PID: 8564)
- Unicorn-51851.exe (PID: 8608)
- Unicorn-51529.exe (PID: 8620)
- Unicorn-30855.exe (PID: 8452)
- Unicorn-49822.exe (PID: 8536)
- Unicorn-32591.exe (PID: 8652)
- Unicorn-18856.exe (PID: 8644)
- Unicorn-38700.exe (PID: 8668)
- Unicorn-55694.exe (PID: 8720)
- Unicorn-35274.exe (PID: 8728)
- Unicorn-47142.exe (PID: 8764)
- Unicorn-42793.exe (PID: 8784)
- Unicorn-63669.exe (PID: 8812)
- Unicorn-60390.exe (PID: 8800)
- Unicorn-55886.exe (PID: 8744)
- Unicorn-62584.exe (PID: 8832)
- Unicorn-63544.exe (PID: 8996)
- Unicorn-49254.exe (PID: 9012)
- Unicorn-48849.exe (PID: 8844)
- Unicorn-27874.exe (PID: 8888)
- Unicorn-145.exe (PID: 9048)
- Unicorn-9491.exe (PID: 8900)
- Unicorn-50524.exe (PID: 8960)
- Unicorn-3369.exe (PID: 8948)
- Unicorn-2985.exe (PID: 8968)
- Unicorn-32320.exe (PID: 8984)
- Unicorn-46056.exe (PID: 8976)
- Unicorn-32342.exe (PID: 9096)
- Unicorn-57038.exe (PID: 9112)
- Unicorn-62637.exe (PID: 9148)
- Unicorn-62637.exe (PID: 9160)
- Unicorn-49830.exe (PID: 9184)
- Unicorn-50385.exe (PID: 9172)
- Unicorn-29410.exe (PID: 6752)
- Unicorn-8989.exe (PID: 4188)
- Unicorn-48870.exe (PID: 9124)
- Unicorn-8035.exe (PID: 9140)
- Unicorn-54106.exe (PID: 4464)
- Unicorn-913.exe (PID: 7644)
- Unicorn-52715.exe (PID: 7404)
- Unicorn-4884.exe (PID: 7600)
- Unicorn-6659.exe (PID: 4692)
- Unicorn-21818.exe (PID: 8796)
- Unicorn-29216.exe (PID: 684)
- Unicorn-26094.exe (PID: 9256)
- Unicorn-63042.exe (PID: 9284)
- Unicorn-29337.exe (PID: 9316)
- Unicorn-9736.exe (PID: 9324)
- Unicorn-48168.exe (PID: 9356)
- Unicorn-32535.exe (PID: 9380)
- Unicorn-29794.exe (PID: 9396)
- Unicorn-1205.exe (PID: 9404)
- Unicorn-64911.exe (PID: 9388)
- Unicorn-53099.exe (PID: 9420)
- Unicorn-17542.exe (PID: 9412)
- Unicorn-26670.exe (PID: 9428)
- Unicorn-57074.exe (PID: 9436)
- Unicorn-5600.exe (PID: 9480)
- Unicorn-44852.exe (PID: 9488)
- Unicorn-14225.exe (PID: 9544)
- Unicorn-19248.exe (PID: 9444)
- Unicorn-43560.exe (PID: 9552)
- Unicorn-4011.exe (PID: 9572)
Reads the computer name
- 1 (1482).exe (PID: 7352)
- Unicorn-25022.exe (PID: 7532)
- Unicorn-50273.exe (PID: 7556)
- Unicorn-56085.exe (PID: 1672)
- Unicorn-27518.exe (PID: 8172)
- Unicorn-31061.exe (PID: 1276)
- Unicorn-16994.exe (PID: 6244)
- Unicorn-14497.exe (PID: 7192)
- Unicorn-57568.exe (PID: 7200)
- Unicorn-17954.exe (PID: 1852)
- Unicorn-26049.exe (PID: 7284)
- Unicorn-22230.exe (PID: 4208)
- Unicorn-58009.exe (PID: 660)
- Unicorn-64139.exe (PID: 7252)
- Unicorn-6448.exe (PID: 7268)
- Unicorn-57170.exe (PID: 5776)
- Unicorn-22451.exe (PID: 7288)
- Unicorn-15369.exe (PID: 1512)
- Unicorn-45473.exe (PID: 900)
- Unicorn-28198.exe (PID: 5380)
- Unicorn-41196.exe (PID: 1280)
- Unicorn-35795.exe (PID: 3888)
- Unicorn-50325.exe (PID: 1184)
- Unicorn-4653.exe (PID: 1228)
- Unicorn-61062.exe (PID: 3304)
- Unicorn-43640.exe (PID: 2236)
- Unicorn-57673.exe (PID: 920)
- Unicorn-12053.exe (PID: 2692)
- Unicorn-9484.exe (PID: 5008)
- Unicorn-37627.exe (PID: 2600)
- Unicorn-49770.exe (PID: 6644)
- Unicorn-39054.exe (PID: 6192)
- Unicorn-6936.exe (PID: 5376)
- Unicorn-55561.exe (PID: 1628)
- Unicorn-14741.exe (PID: 6044)
- Unicorn-23080.exe (PID: 6808)
- Unicorn-32539.exe (PID: 1676)
- Unicorn-59090.exe (PID: 5800)
- Unicorn-55810.exe (PID: 6712)
- Unicorn-55198.exe (PID: 4756)
- Unicorn-55774.exe (PID: 1760)
- Unicorn-27378.exe (PID: 5528)
- Unicorn-46836.exe (PID: 6132)
- Unicorn-32976.exe (PID: 7616)
- Unicorn-33307.exe (PID: 5428)
- Unicorn-16086.exe (PID: 7812)
- Unicorn-31270.exe (PID: 7148)
- Unicorn-54259.exe (PID: 5360)
- Unicorn-6219.exe (PID: 6592)
- Unicorn-29240.exe (PID: 1568)
- Unicorn-12308.exe (PID: 7676)
- Unicorn-37622.exe (PID: 8140)
- Unicorn-61373.exe (PID: 8036)
- Unicorn-23816.exe (PID: 5228)
- Unicorn-56734.exe (PID: 6676)
- Unicorn-7725.exe (PID: 7480)
- Unicorn-49121.exe (PID: 8068)
- Unicorn-40760.exe (PID: 7656)
- Unicorn-1595.exe (PID: 7612)
- Unicorn-51259.exe (PID: 1328)
- Unicorn-24254.exe (PID: 7716)
- Unicorn-32038.exe (PID: 7920)
- Unicorn-9396.exe (PID: 4980)
- Unicorn-41851.exe (PID: 7816)
- Unicorn-15702.exe (PID: 8028)
- Unicorn-40517.exe (PID: 7712)
- Unicorn-16631.exe (PID: 8060)
- Unicorn-19314.exe (PID: 7416)
- Unicorn-49822.exe (PID: 8536)
- Unicorn-44674.exe (PID: 8020)
- Unicorn-4373.exe (PID: 856)
- Unicorn-37622.exe (PID: 8116)
- Unicorn-65198.exe (PID: 8356)
- Unicorn-58684.exe (PID: 5352)
- Unicorn-23590.exe (PID: 8232)
- Unicorn-2903.exe (PID: 4164)
- Unicorn-14056.exe (PID: 7924)
- Unicorn-21094.exe (PID: 5024)
- Unicorn-54688.exe (PID: 1128)
- Unicorn-55110.exe (PID: 8156)
- Unicorn-51529.exe (PID: 8620)
- Unicorn-21212.exe (PID: 8312)
- Unicorn-59922.exe (PID: 864)
- Unicorn-37357.exe (PID: 7940)
- Unicorn-32591.exe (PID: 8652)
- Unicorn-62510.exe (PID: 7876)
- Unicorn-47902.exe (PID: 672)
- Unicorn-63544.exe (PID: 8996)
- Unicorn-27098.exe (PID: 7952)
- Unicorn-49254.exe (PID: 9012)
- Unicorn-51851.exe (PID: 8608)
- Unicorn-145.exe (PID: 9048)
- Unicorn-35274.exe (PID: 8728)
- Unicorn-57414.exe (PID: 8280)
- Unicorn-49054.exe (PID: 8412)
- Unicorn-30855.exe (PID: 8452)
- Unicorn-31758.exe (PID: 8248)
- Unicorn-42793.exe (PID: 8784)
- Unicorn-1205.exe (PID: 9404)
- Unicorn-27874.exe (PID: 8888)
- Unicorn-3369.exe (PID: 8948)
- Unicorn-6101.exe (PID: 8048)
- Unicorn-51773.exe (PID: 7172)
- Unicorn-48849.exe (PID: 8844)
Create files in a temporary directory
- 1 (1482).exe (PID: 7352)
- Unicorn-50273.exe (PID: 7556)
- Unicorn-56085.exe (PID: 1672)
- Unicorn-14497.exe (PID: 7192)
- Unicorn-22562.exe (PID: 7448)
- Unicorn-16994.exe (PID: 6244)
- Unicorn-31061.exe (PID: 1276)
- Unicorn-17954.exe (PID: 1852)
- Unicorn-27518.exe (PID: 8172)
- Unicorn-6448.exe (PID: 7268)
- Unicorn-58009.exe (PID: 660)
- Unicorn-26049.exe (PID: 7284)
- Unicorn-57568.exe (PID: 7200)
- Unicorn-57170.exe (PID: 5776)
- Unicorn-28198.exe (PID: 5380)
- Unicorn-35795.exe (PID: 3888)
- Unicorn-50325.exe (PID: 1184)
- Unicorn-43640.exe (PID: 2236)
- Unicorn-12053.exe (PID: 2692)
- Unicorn-22230.exe (PID: 4208)
- Unicorn-9484.exe (PID: 5008)
- Unicorn-49770.exe (PID: 6644)
- Unicorn-39054.exe (PID: 6192)
- Unicorn-15369.exe (PID: 1512)
- Unicorn-6936.exe (PID: 5376)
- Unicorn-22451.exe (PID: 7288)
- Unicorn-64139.exe (PID: 7252)
- Unicorn-55561.exe (PID: 1628)
- Unicorn-32539.exe (PID: 1676)
- Unicorn-59090.exe (PID: 5800)
- Unicorn-25022.exe (PID: 7532)
- Unicorn-45473.exe (PID: 900)
- Unicorn-55774.exe (PID: 1760)
- Unicorn-33307.exe (PID: 5428)
- Unicorn-27378.exe (PID: 5528)
- Unicorn-32976.exe (PID: 7616)
- Unicorn-46836.exe (PID: 6132)
- Unicorn-16086.exe (PID: 7812)
- Unicorn-31270.exe (PID: 7148)
- Unicorn-55810.exe (PID: 6712)
- Unicorn-29240.exe (PID: 1568)
- Unicorn-6219.exe (PID: 6592)
- Unicorn-57673.exe (PID: 920)
- Unicorn-12308.exe (PID: 7676)
- Unicorn-23816.exe (PID: 5228)
- Unicorn-1595.exe (PID: 7612)
- Unicorn-61373.exe (PID: 8036)
- Unicorn-7725.exe (PID: 7480)
- Unicorn-4653.exe (PID: 1228)
- Unicorn-49121.exe (PID: 8068)
- Unicorn-40760.exe (PID: 7656)
- Unicorn-32038.exe (PID: 7920)
- Unicorn-61062.exe (PID: 3304)
- Unicorn-37622.exe (PID: 8140)
- Unicorn-24254.exe (PID: 7716)
- Unicorn-37627.exe (PID: 2600)
- Unicorn-9396.exe (PID: 4980)
- Unicorn-41851.exe (PID: 7816)
- Unicorn-51259.exe (PID: 1328)
- Unicorn-15702.exe (PID: 8028)
- Unicorn-40517.exe (PID: 7712)
- Unicorn-4373.exe (PID: 856)
- Unicorn-44674.exe (PID: 8020)
- Unicorn-56734.exe (PID: 6676)
- Unicorn-16631.exe (PID: 8060)
- Unicorn-49822.exe (PID: 8536)
- Unicorn-19314.exe (PID: 7416)
- Unicorn-23590.exe (PID: 8232)
- Unicorn-2903.exe (PID: 4164)
- Unicorn-41196.exe (PID: 1280)
- Unicorn-58684.exe (PID: 5352)
- Unicorn-65198.exe (PID: 8356)
- Unicorn-54259.exe (PID: 5360)
- Unicorn-21212.exe (PID: 8312)
- Unicorn-23080.exe (PID: 6808)
- Unicorn-54688.exe (PID: 1128)
- Unicorn-21094.exe (PID: 5024)
- Unicorn-14056.exe (PID: 7924)
- Unicorn-59922.exe (PID: 864)
- Unicorn-51529.exe (PID: 8620)
- Unicorn-32591.exe (PID: 8652)
- Unicorn-55198.exe (PID: 4756)
- Unicorn-51851.exe (PID: 8608)
- Unicorn-47902.exe (PID: 672)
- Unicorn-63544.exe (PID: 8996)
- Unicorn-14741.exe (PID: 6044)
- Unicorn-27098.exe (PID: 7952)
- Unicorn-49254.exe (PID: 9012)
- Unicorn-49054.exe (PID: 8412)
- Unicorn-35274.exe (PID: 8728)
- Unicorn-145.exe (PID: 9048)
Creates files or folders in the user directory
- WerFault.exe (PID: 9580)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Win32 Executable Microsoft Visual Basic 6 (90.6) |
|---|---|---|
| .exe | | | Win32 Executable (generic) (4.9) |
| .exe | | | Generic Win/DOS Executable (2.2) |
| .exe | | | DOS Executable Generic (2.2) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2019:01:19 13:34:56+00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit, No debug, Removable run from swap, Net run from swap, Uniprocessor only, Bytes reversed hi |
| PEType: | PE32 |
| LinkerVersion: | 6 |
| CodeSize: | 176128 |
| InitializedDataSize: | 299008 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x13d4 |
| OSVersion: | 4 |
| ImageVersion: | 1 |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 1.0.0.0 |
| ProductVersionNumber: | 1.0.0.0 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | Chinese (Simplified) |
| CharacterSet: | Unicode |
| CompanyName: | UEFIÓ |
| ProductName: | Kawaii-Unicorn |
| FileVersion: | 1 |
| ProductVersion: | 1 |
| InternalName: | Kawaii-Unicorn |
| OriginalFileName: | Kawaii-Unicorn.exe |
Total processes
318
Monitored processes
186
Malicious processes
27
Suspicious processes
21
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 660 | C:\Users\admin\AppData\Local\Temp\Unicorn-58009.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-58009.exe | Unicorn-22562.exe | ||||||||||||
User: admin Company: UEFIÓ Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 672 | C:\Users\admin\AppData\Local\Temp\Unicorn-47902.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-47902.exe | Unicorn-27378.exe | ||||||||||||
User: admin Company: UEFIÓ Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 684 | C:\Users\admin\AppData\Local\Temp\Unicorn-29216.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-29216.exe | — | Unicorn-25022.exe | |||||||||||
User: admin Company: UEFIÓ Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 856 | C:\Users\admin\AppData\Local\Temp\Unicorn-4373.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-4373.exe | Unicorn-55561.exe | ||||||||||||
User: admin Company: UEFIÓ Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 864 | C:\Users\admin\AppData\Local\Temp\Unicorn-59922.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-59922.exe | 1 (1482).exe | ||||||||||||
User: admin Company: UEFIÓ Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 900 | C:\Users\admin\AppData\Local\Temp\Unicorn-45473.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-45473.exe | Unicorn-27518.exe | ||||||||||||
User: admin Company: UEFIÓ Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 920 | C:\Users\admin\AppData\Local\Temp\Unicorn-57673.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-57673.exe | Unicorn-22562.exe | ||||||||||||
User: admin Company: UEFIÓ Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1128 | C:\Users\admin\AppData\Local\Temp\Unicorn-54688.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-54688.exe | Unicorn-57568.exe | ||||||||||||
User: admin Company: UEFIÓ Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1184 | C:\Users\admin\AppData\Local\Temp\Unicorn-50325.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-50325.exe | Unicorn-14497.exe | ||||||||||||
User: admin Company: UEFIÓ Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1228 | C:\Users\admin\AppData\Local\Temp\Unicorn-4653.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-4653.exe | Unicorn-58009.exe | ||||||||||||
User: admin Company: UEFIÓ Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
Total events
5 399
Read events
5 399
Write events
0
Delete events
0
Modification events
Executable files
181
Suspicious files
2
Text files
2
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 7448 | Unicorn-22562.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-25022.exe | executable | |
MD5:F22D0E7518FAEFAFADD3B0834B46CED2 | SHA256:6A1CDEB470DC84AF9EF19389463E94477341F583E6326FF44F566AB554251C2E | |||
| 7352 | 1 (1482).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-22562.exe | executable | |
MD5:907FD6050AAB26DBF9CD18716DB41811 | SHA256:656C169F6129F8C4E40A879CE1EE5E45F5FAD950B9E9F628CF8A6FBA7401D9F6 | |||
| 7352 | 1 (1482).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-50273.exe | executable | |
MD5:8A575EF82F046F58F8918184A077586A | SHA256:EDA8C9141B7883904DAF119FB9AFD666802DEFCB3A6B5DF2D9589BD1BC49F627 | |||
| 7352 | 1 (1482).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-57568.exe | executable | |
MD5:590A2927D923934746226AAD74E99C80 | SHA256:75A379812548F919D671067F9729002ECC2DBBEBA006AA7215AC39FAD80E27EA | |||
| 7556 | Unicorn-50273.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-6448.exe | executable | |
MD5:9A0735B7A22FE19F6BA4B26EA62CA18F | SHA256:B14AB923EDAC2D237F8F54D3B0E336FB60D18B3F5EF4CC5A332CEDF9D18100CA | |||
| 1672 | Unicorn-56085.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-17954.exe | executable | |
MD5:DFD8261EC60ADBA8A5D1EA2C89447B05 | SHA256:D29DF8563E620928ADF49C658B6DFB2F5F36EE6EB18AEB380F3C3723C7DB7861 | |||
| 7192 | Unicorn-14497.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-22230.exe | executable | |
MD5:88F2130AC2E584DE2FDEBD4E2175422B | SHA256:46CD4243740CA79206674D411B1E7DB875D123B9DEAA577F0810D45B289B266F | |||
| 7532 | Unicorn-25022.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-27518.exe | executable | |
MD5:29AC1DCE2952583667DEA59EF845E962 | SHA256:55D0C7BE33C2685474C27EF6A1E14363D82F66FC3B25D2629477FC1A9EEF1C69 | |||
| 7532 | Unicorn-25022.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-31061.exe | executable | |
MD5:4CFED1C3CD46FD9593035DE03BA0C430 | SHA256:1CB7853D3FDC4E7491D4053565A8C873C551EFBDBD5D1C54DA51221CC6B567AF | |||
| 7556 | Unicorn-50273.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-14497.exe | executable | |
MD5:214224FDC3BFCBC458F1AAE68F0E5A46 | SHA256:42E28206B0E455D298154ADB192E333A82FB73DECC60A276E464AA17FE0D2C59 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
4
TCP/UDP connections
21
DNS requests
16
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
6544 | svchost.exe | GET | 200 | 23.54.109.203:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |
7392 | backgroundTaskHost.exe | GET | 200 | 23.54.109.203:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | — | — | whitelisted |
7156 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | — | — | whitelisted |
7156 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
— | — | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
2104 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
3216 | svchost.exe | 40.113.103.199:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6544 | svchost.exe | 20.190.160.14:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6544 | svchost.exe | 23.54.109.203:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted |
2112 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6544 | svchost.exe | 40.126.31.67:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
7392 | backgroundTaskHost.exe | 20.223.36.55:443 | arc.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
7392 | backgroundTaskHost.exe | 23.54.109.203:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
client.wns.windows.com |
| whitelisted |
login.live.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
settings-win.data.microsoft.com |
| whitelisted |
arc.msn.com |
| whitelisted |
slscr.update.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
fe3cr.delivery.mp.microsoft.com |
| whitelisted |
nexusrules.officeapps.live.com |
| whitelisted |
activation-v2.sls.microsoft.com |
| whitelisted |