5c3d6d93b02a6b4705d0d59f499c8ee400b2ce393d7a68a8532e06d27f1eb789

Analysis

max time kernel
148s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/12/2023, 15:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

56733d579041efdbec68d097528cf1eb.exe
Size

188KB
MD5

56733d579041efdbec68d097528cf1eb
SHA1

ab12924bbf63a554684be254a85300249db6158d
SHA256

5c3d6d93b02a6b4705d0d59f499c8ee400b2ce393d7a68a8532e06d27f1eb789
SHA512

921cdb3d4e2c46fb3bec5ca2817ba186657cf2cc3ade80c0624fb3a7170affcbb90a1dfbae6bfd9f82f454483a0e50148b40810b68f2b14be57e555cfd187f81
SSDEEP

3072:cjjaoXb0+Ak0OjV7ibcd/PHvU86fRSmvu9xzFPPX7lPdpFF:cjWoQzk0C7Ycd/01yF7lPdpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 47 IoCs

pid	Process
1216	Unicorn-57930.exe
2776	Unicorn-38901.exe
2848	Unicorn-41096.exe
2116	Unicorn-16914.exe
1888	Unicorn-22425.exe
1092	Unicorn-31252.exe
680	Unicorn-43922.exe
2944	Unicorn-53517.exe
1364	Unicorn-55676.exe
1408	Unicorn-3818.exe
2436	Unicorn-12344.exe
1056	Unicorn-17820.exe
1912	Unicorn-42983.exe
2016	Unicorn-51509.exe
2056	Unicorn-52900.exe
1516	Unicorn-9210.exe
1620	Unicorn-27706.exe
1652	Unicorn-28064.exe
2884	Unicorn-45827.exe
2740	Unicorn-63554.exe
2128	Unicorn-10928.exe
1552	Unicorn-56367.exe
2752	Unicorn-20846.exe
2024	Unicorn-46777.exe
572	Unicorn-36684.exe
668	Unicorn-32958.exe
1672	Unicorn-27154.exe
948	Unicorn-23428.exe
1928	Unicorn-21949.exe
888	Unicorn-62234.exe
1696	Unicorn-45187.exe
2624	Unicorn-53713.exe
832	Unicorn-29230.exe
2140	Unicorn-16267.exe
1372	Unicorn-56552.exe
1880	Unicorn-65078.exe
2324	Unicorn-52115.exe
1308	Unicorn-13843.exe
2348	Unicorn-4964.exe
1220	Unicorn-54487.exe
1088	Unicorn-38208.exe
1160	Unicorn-21161.exe
1932	Unicorn-5146.exe
2640	Unicorn-53636.exe
1648	Unicorn-27617.exe
784	Unicorn-7554.exe
108	Unicorn-60128.exe

Loads dropped DLL 64 IoCs

pid	Process
2484	56733d579041efdbec68d097528cf1eb.exe
2484	56733d579041efdbec68d097528cf1eb.exe
1216	Unicorn-57930.exe
1216	Unicorn-57930.exe
2708	WerFault.exe
2708	WerFault.exe
2708	WerFault.exe
2708	WerFault.exe
2708	WerFault.exe
2708	WerFault.exe
2708	WerFault.exe
2776	Unicorn-38901.exe
2776	Unicorn-38901.exe
2832	WerFault.exe
2832	WerFault.exe
2832	WerFault.exe
2832	WerFault.exe
2832	WerFault.exe
2832	WerFault.exe
2832	WerFault.exe
2848	Unicorn-41096.exe
2848	Unicorn-41096.exe
1072	WerFault.exe
1072	WerFault.exe
1072	WerFault.exe
1072	WerFault.exe
1072	WerFault.exe
1072	WerFault.exe
1072	WerFault.exe
2116	Unicorn-16914.exe
2116	Unicorn-16914.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
1888	Unicorn-22425.exe
1888	Unicorn-22425.exe
2756	WerFault.exe
2756	WerFault.exe
2756	WerFault.exe
2756	WerFault.exe
2756	WerFault.exe
2756	WerFault.exe
2756	WerFault.exe
1092	Unicorn-31252.exe
1092	Unicorn-31252.exe
916	WerFault.exe
916	WerFault.exe
916	WerFault.exe
916	WerFault.exe
916	WerFault.exe
916	WerFault.exe
916	WerFault.exe
680	Unicorn-43922.exe
680	Unicorn-43922.exe
2916	WerFault.exe
2916	WerFault.exe
2916	WerFault.exe
2916	WerFault.exe
2916	WerFault.exe
2916	WerFault.exe

Program crash 47 IoCs

pid	pid_target	Process	procid_target
2388	2484	WerFault.exe	27
2708	1216	WerFault.exe	28
2832	2776	WerFault.exe	30
1072	2848	WerFault.exe	32
2616	2116	WerFault.exe	34
2756	1888	WerFault.exe	36
916	1092	WerFault.exe	38
2916	680	WerFault.exe	40
1740	2944	WerFault.exe	42
2260	1364	WerFault.exe	44
2672	1408	WerFault.exe	46
1924	2436	WerFault.exe	48
1576	1056	WerFault.exe	52
2076	1912	WerFault.exe	54
1236	2016	WerFault.exe	56
388	2056	WerFault.exe	58
1680	1516	WerFault.exe	60
1544	1620	WerFault.exe	62
2892	1652	WerFault.exe	64
2592	2884	WerFault.exe	66
1952	2740	WerFault.exe	68
2132	2128	WerFault.exe	70
1080	1552	WerFault.exe	72
1108	2752	WerFault.exe	74
2920	2024	WerFault.exe	76
2068	572	WerFault.exe	78
1464	668	WerFault.exe	80
1980	1672	WerFault.exe	82
1812	948	WerFault.exe	84
1804	1928	WerFault.exe	86
2732	888	WerFault.exe	88
1760	1696	WerFault.exe	90
2136	2624	WerFault.exe	92
1184	832	WerFault.exe	94
2912	2140	WerFault.exe	96
1052	1372	WerFault.exe	98
1764	1880	WerFault.exe	100
2168	2324	WerFault.exe	102
1168	1308	WerFault.exe	104
3008	2348	WerFault.exe	106
984	1220	WerFault.exe	108
1192	1088	WerFault.exe	110
2096	1160	WerFault.exe	112
2360	1932	WerFault.exe	114
1084	2640	WerFault.exe	116
1468	1648	WerFault.exe	118
2608	784	WerFault.exe	120

Suspicious use of SetWindowsHookEx 48 IoCs

pid	Process
2484	56733d579041efdbec68d097528cf1eb.exe
1216	Unicorn-57930.exe
2776	Unicorn-38901.exe
2848	Unicorn-41096.exe
2116	Unicorn-16914.exe
1888	Unicorn-22425.exe
1092	Unicorn-31252.exe
680	Unicorn-43922.exe
2944	Unicorn-53517.exe
1364	Unicorn-55676.exe
1408	Unicorn-3818.exe
2436	Unicorn-12344.exe
1056	Unicorn-17820.exe
1912	Unicorn-42983.exe
2016	Unicorn-51509.exe
2056	Unicorn-52900.exe
1516	Unicorn-9210.exe
1620	Unicorn-27706.exe
1652	Unicorn-28064.exe
2884	Unicorn-45827.exe
2740	Unicorn-63554.exe
2128	Unicorn-10928.exe
1552	Unicorn-56367.exe
2752	Unicorn-20846.exe
2024	Unicorn-46777.exe
572	Unicorn-36684.exe
668	Unicorn-32958.exe
1672	Unicorn-27154.exe
948	Unicorn-23428.exe
1928	Unicorn-21949.exe
888	Unicorn-62234.exe
1696	Unicorn-45187.exe
2624	Unicorn-53713.exe
832	Unicorn-29230.exe
2140	Unicorn-16267.exe
1372	Unicorn-56552.exe
1880	Unicorn-65078.exe
2324	Unicorn-52115.exe
1308	Unicorn-13843.exe
2348	Unicorn-4964.exe
1220	Unicorn-54487.exe
1088	Unicorn-38208.exe
1160	Unicorn-21161.exe
1932	Unicorn-5146.exe
2640	Unicorn-53636.exe
1648	Unicorn-27617.exe
784	Unicorn-7554.exe
108	Unicorn-60128.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 1216	2484	56733d579041efdbec68d097528cf1eb.exe	28
PID 2484 wrote to memory of 1216	2484	56733d579041efdbec68d097528cf1eb.exe	28
PID 2484 wrote to memory of 1216	2484	56733d579041efdbec68d097528cf1eb.exe	28
PID 2484 wrote to memory of 1216	2484	56733d579041efdbec68d097528cf1eb.exe	28
PID 2484 wrote to memory of 2388	2484	56733d579041efdbec68d097528cf1eb.exe	29
PID 2484 wrote to memory of 2388	2484	56733d579041efdbec68d097528cf1eb.exe	29
PID 2484 wrote to memory of 2388	2484	56733d579041efdbec68d097528cf1eb.exe	29
PID 2484 wrote to memory of 2388	2484	56733d579041efdbec68d097528cf1eb.exe	29
PID 1216 wrote to memory of 2776	1216	Unicorn-57930.exe	30
PID 1216 wrote to memory of 2776	1216	Unicorn-57930.exe	30
PID 1216 wrote to memory of 2776	1216	Unicorn-57930.exe	30
PID 1216 wrote to memory of 2776	1216	Unicorn-57930.exe	30
PID 1216 wrote to memory of 2708	1216	Unicorn-57930.exe	31
PID 1216 wrote to memory of 2708	1216	Unicorn-57930.exe	31
PID 1216 wrote to memory of 2708	1216	Unicorn-57930.exe	31
PID 1216 wrote to memory of 2708	1216	Unicorn-57930.exe	31
PID 2776 wrote to memory of 2848	2776	Unicorn-38901.exe	32
PID 2776 wrote to memory of 2848	2776	Unicorn-38901.exe	32
PID 2776 wrote to memory of 2848	2776	Unicorn-38901.exe	32
PID 2776 wrote to memory of 2848	2776	Unicorn-38901.exe	32
PID 2776 wrote to memory of 2832	2776	Unicorn-38901.exe	33
PID 2776 wrote to memory of 2832	2776	Unicorn-38901.exe	33
PID 2776 wrote to memory of 2832	2776	Unicorn-38901.exe	33
PID 2776 wrote to memory of 2832	2776	Unicorn-38901.exe	33
PID 2848 wrote to memory of 2116	2848	Unicorn-41096.exe	34
PID 2848 wrote to memory of 2116	2848	Unicorn-41096.exe	34
PID 2848 wrote to memory of 2116	2848	Unicorn-41096.exe	34
PID 2848 wrote to memory of 2116	2848	Unicorn-41096.exe	34
PID 2848 wrote to memory of 1072	2848	Unicorn-41096.exe	35
PID 2848 wrote to memory of 1072	2848	Unicorn-41096.exe	35
PID 2848 wrote to memory of 1072	2848	Unicorn-41096.exe	35
PID 2848 wrote to memory of 1072	2848	Unicorn-41096.exe	35
PID 2116 wrote to memory of 1888	2116	Unicorn-16914.exe	36
PID 2116 wrote to memory of 1888	2116	Unicorn-16914.exe	36
PID 2116 wrote to memory of 1888	2116	Unicorn-16914.exe	36
PID 2116 wrote to memory of 1888	2116	Unicorn-16914.exe	36
PID 2116 wrote to memory of 2616	2116	Unicorn-16914.exe	37
PID 2116 wrote to memory of 2616	2116	Unicorn-16914.exe	37
PID 2116 wrote to memory of 2616	2116	Unicorn-16914.exe	37
PID 2116 wrote to memory of 2616	2116	Unicorn-16914.exe	37
PID 1888 wrote to memory of 1092	1888	Unicorn-22425.exe	38
PID 1888 wrote to memory of 1092	1888	Unicorn-22425.exe	38
PID 1888 wrote to memory of 1092	1888	Unicorn-22425.exe	38
PID 1888 wrote to memory of 1092	1888	Unicorn-22425.exe	38
PID 1888 wrote to memory of 2756	1888	Unicorn-22425.exe	39
PID 1888 wrote to memory of 2756	1888	Unicorn-22425.exe	39
PID 1888 wrote to memory of 2756	1888	Unicorn-22425.exe	39
PID 1888 wrote to memory of 2756	1888	Unicorn-22425.exe	39
PID 1092 wrote to memory of 680	1092	Unicorn-31252.exe	40
PID 1092 wrote to memory of 680	1092	Unicorn-31252.exe	40
PID 1092 wrote to memory of 680	1092	Unicorn-31252.exe	40
PID 1092 wrote to memory of 680	1092	Unicorn-31252.exe	40
PID 1092 wrote to memory of 916	1092	Unicorn-31252.exe	41
PID 1092 wrote to memory of 916	1092	Unicorn-31252.exe	41
PID 1092 wrote to memory of 916	1092	Unicorn-31252.exe	41
PID 1092 wrote to memory of 916	1092	Unicorn-31252.exe	41
PID 680 wrote to memory of 2944	680	Unicorn-43922.exe	42
PID 680 wrote to memory of 2944	680	Unicorn-43922.exe	42
PID 680 wrote to memory of 2944	680	Unicorn-43922.exe	42
PID 680 wrote to memory of 2944	680	Unicorn-43922.exe	42
PID 680 wrote to memory of 2916	680	Unicorn-43922.exe	43
PID 680 wrote to memory of 2916	680	Unicorn-43922.exe	43
PID 680 wrote to memory of 2916	680	Unicorn-43922.exe	43
PID 680 wrote to memory of 2916	680	Unicorn-43922.exe	43

C:\Users\Admin\AppData\Local\Temp\56733d579041efdbec68d097528cf1eb.exe
"C:\Users\Admin\AppData\Local\Temp\56733d579041efdbec68d097528cf1eb.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57930.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57930.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38901.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38901.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41096.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16914.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22425.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31252.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43922.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53517.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55676.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3818.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12344.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17820.exe
        13⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42983.exe
        14⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51509.exe
        15⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52900.exe
        16⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9210.exe
        17⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27706.exe
        18⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28064.exe
        19⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45827.exe
        20⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63554.exe
        21⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10928.exe
        22⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56367.exe
        23⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20846.exe
        24⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46777.exe
        25⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36684.exe
        26⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32958.exe
        27⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27154.exe
        28⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23428.exe
        29⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21949.exe
        30⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62234.exe
        31⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45187.exe
        32⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53713.exe
        33⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29230.exe
        34⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16267.exe
        35⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56552.exe
        36⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65078.exe
        37⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52115.exe
        38⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13843.exe
        39⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4964.exe
        40⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54487.exe
        41⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38208.exe
        42⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21161.exe
        43⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5146.exe
        44⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53636.exe
        45⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27617.exe
        46⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7554.exe
        47⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60128.exe
        48⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 236
        48⤵
        Program crash
        
        PID:2608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 236
        47⤵
        Program crash
        
        PID:1468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 236
        46⤵
        Program crash
        
        PID:1084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 236
        45⤵
        Program crash
        
        PID:2360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 236
        44⤵
        Program crash
        
        PID:2096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 236
        43⤵
        Program crash
        
        PID:1192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 236
        42⤵
        Program crash
        
        PID:984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 236
        41⤵
        Program crash
        
        PID:3008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 236
        40⤵
        Program crash
        
        PID:1168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 236
        39⤵
        Program crash
        
        PID:2168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 236
        38⤵
        Program crash
        
        PID:1764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 236
        37⤵
        Program crash
        
        PID:1052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 236
        36⤵
        Program crash
        
        PID:2912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 236
        35⤵
        Program crash
        
        PID:1184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 236
        34⤵
        Program crash
        
        PID:2136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 236
        33⤵
        Program crash
        
        PID:1760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 236
        32⤵
        Program crash
        
        PID:2732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 236
        31⤵
        Program crash
        
        PID:1804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 236
        30⤵
        Program crash
        
        PID:1812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 236
        29⤵
        Program crash
        
        PID:1980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 236
        28⤵
        Program crash
        
        PID:1464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 236
        27⤵
        Program crash
        
        PID:2068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 236
        26⤵
        Program crash
        
        PID:2920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 236
        25⤵
        Program crash
        
        PID:1108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 236
        24⤵
        Program crash
        
        PID:1080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 236
        23⤵
        Program crash
        
        PID:2132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 236
        22⤵
        Program crash
        
        PID:1952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 236
        21⤵
        Program crash
        
        PID:2592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 236
        20⤵
        Program crash
        
        PID:2892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 236
        19⤵
        Program crash
        
        PID:1544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 236
        18⤵
        Program crash
        
        PID:1680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 236
        17⤵
        Program crash
        
        PID:388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 236
        16⤵
        Program crash
        
        PID:1236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 236
        15⤵
        Program crash
        
        PID:2076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 236
        14⤵
        Program crash
        
        PID:1576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 236
        13⤵
        Program crash
        
        PID:1924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 236
        12⤵
        Program crash
        
        PID:2672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 236
        11⤵
        Program crash
        
        PID:2260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 236
        10⤵
        Program crash
        
        PID:1740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 680 -s 236
        9⤵
        Loads dropped DLL
        Program crash
        
        PID:2916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 236
        8⤵
        Loads dropped DLL
        Program crash
        
        PID:916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 236
        7⤵
        Loads dropped DLL
        Program crash
        
        PID:2756
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 236
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:2616
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 236
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1072
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:2832
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 236
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2708
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 236
  2⤵
  - Program crash
  PID:2388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-22425.exe

Filesize
188KB

MD5
eee0bef0fcf0be997d9ca7ed37672dbd

SHA1
64ed042490b7e84f7f9578587bc17aa4643b28a1

SHA256
0eab814acb9cd91c987bc14a36eba1515ad825b8b3487a88cb9641cf36e84c3b

SHA512
c242490751debf9985b6a55af7fa32178b40c444a1b59c268e3790626a7221aff96dd27b1bd1c389050f3a20edb33c44761a0b99647d290eb40a5c9b9e99ca43

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16914.exe

Filesize
188KB

MD5
7e12317e4cf6cd1f0d61c5125a56fbcd

SHA1
a80706d60b5f21663a635bfc5f40b0fdfe72131e

SHA256
a243b2cd932bd1acf0bdece23c064a4d9ee7f32c191a4cd7cde66c881d8af889

SHA512
a107b16c0372ff68162334dacba9bb1b181ae70865bd04999267d2509210516d244256288f1018985fc6fad8d455e5c7b101f625c49d3105764575d3500cbc41

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31252.exe

Filesize
188KB

MD5
5485e98faf78f5cc882be8d41d798180

SHA1
b9e6dddedd5a756294ab9ea87de5cee8c3dff463

SHA256
a96abc21c3c6297590bd24c15965e27f09cbd8dab2cbf86248c4548f451497c7

SHA512
eed221ad205973ae8e74a06c274f3597625ff3b7f41f2d04879823913af4d875e3269809bd3fc398dc0e748e9424ea68d79d0afdc3396d8a0e70684c92962c31

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38901.exe

Filesize
188KB

MD5
19be0b4e3290a2a2827e63c93d29726c

SHA1
5f5c2d3d79102b8dad9ee068ad6a6a037de943d8

SHA256
99f150b5b9b20e691c28fe187c4e189a2e9aa67ef8fe39ecfdac8e5f22c1b3ff

SHA512
0f43b7dde2ad14d9d9039243c5f90025504087259e38170bbe3c4d0e2a6209ae20726360d89d144189703379cd630b0e403a537a815e80747bfcbeb8744efd3a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41096.exe

Filesize
188KB

MD5
c14b9ac4fb1787055e59bd77bbf0ce27

SHA1
39c1e847047100301b5801e2638704ea9824188f

SHA256
a074a373be7dc83896c97006fa8755e11f3d57282c9ba61ad4acf8b3e0ce3f55

SHA512
e6e208e0260378cfe1f0efd1a8a63ebd061bd7676b1ced830589ff5441c6af80525ae334adafbbb23116cc42f3aefb831dab20b9b1fcb37622c420fa4636700e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43922.exe

Filesize
188KB

MD5
358c73f2b53502290e54298166d9dcc7

SHA1
6bd49d802bf73ca6cbd2113e8f294f42f14bbc63

SHA256
5ffbb40353804d5cf1c2fe57d30e35d8c0df06102620812e41e20c0f66ede863

SHA512
794115215bf67c900aa4f6b28818c5f088d93529a6d7140e1a01057949339f2fb676a96e341e1e4d5530fe93b1daf889b88ee68e6a4076dba446aff32d464169

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57930.exe

Filesize
188KB

MD5
e50cd464cb8b74bd477ef327c1563a9f

SHA1
6b430988790541dd8398f79c9b952d236cdfa2ad

SHA256
d9349b7235832658260e4c447f410b4e1b6f77b9feb16a93f7a0b59d5d601d58

SHA512
e3234d0d1943cd113ffcfb7515156e10ffadc17da42642ab9afccdb106c8f964e3c4b06dbac58f5ef835096a970a0578970f2d4f2c00ba6164ba32b0521a3c51

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads