fd112ec6772b7e2666a657f934a243fbeb49fb07b25dcc8f9589982d3efd10a8

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 13:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b187d6ced8e79b8c640f9a98aef48bd9.exe
Size

184KB
MD5

b187d6ced8e79b8c640f9a98aef48bd9
SHA1

9e9cae4bb2b48349be88d58c3fb9127e0449b7e3
SHA256

fd112ec6772b7e2666a657f934a243fbeb49fb07b25dcc8f9589982d3efd10a8
SHA512

6cd090260d4382bfc87765a61ef3127107049299b331152412be102036e93a0447decdf86bc110e35a590cd759a8aaadb9b5d869c89f71d8a34d6b70f206eef0
SSDEEP

3072:afLMo33OfpACryjqdDe0wZF/wd46EP2FopuxuBHxENlPvpFB:afIoCGCrJdq0wZNWi4NlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 50 IoCs

pid	Process
1796	Unicorn-29103.exe
2328	Unicorn-52813.exe
2692	Unicorn-37031.exe
2916	Unicorn-58926.exe
2616	Unicorn-43144.exe
2564	Unicorn-28200.exe
2940	Unicorn-20847.exe
288	Unicorn-43960.exe
2236	Unicorn-33099.exe
1632	Unicorn-43405.exe
1528	Unicorn-31707.exe
1808	Unicorn-23945.exe
1148	Unicorn-50587.exe
2020	Unicorn-46503.exe
2268	Unicorn-6025.exe
2092	Unicorn-20415.exe
2752	Unicorn-40281.exe
900	Unicorn-57172.exe
1820	Unicorn-19944.exe
740	Unicorn-45195.exe
1168	Unicorn-21890.exe
1784	Unicorn-8246.exe
2280	Unicorn-47141.exe
1716	Unicorn-36280.exe
868	Unicorn-55885.exe
2148	Unicorn-28688.exe
1608	Unicorn-20328.exe
1692	Unicorn-20328.exe
2136	Unicorn-462.exe
2012	Unicorn-18190.exe
2804	Unicorn-58921.exe
2676	Unicorn-16497.exe
1000	Unicorn-38309.exe
1984	Unicorn-8905.exe
2156	Unicorn-2128.exe
2928	Unicorn-20603.exe
996	Unicorn-2683.exe
1764	Unicorn-38693.exe
2632	Unicorn-33217.exe
3020	Unicorn-59881.exe
1516	Unicorn-27401.exe
992	Unicorn-7535.exe
2056	Unicorn-27401.exe
1996	Unicorn-36663.exe
1288	Unicorn-56529.exe
2228	Unicorn-52253.exe
1212	Unicorn-47354.exe
824	Unicorn-33286.exe
736	Unicorn-15750.exe
1308	Unicorn-20218.exe

Loads dropped DLL 64 IoCs

pid	Process
2404	b187d6ced8e79b8c640f9a98aef48bd9.exe
2404	b187d6ced8e79b8c640f9a98aef48bd9.exe
1796	Unicorn-29103.exe
2404	b187d6ced8e79b8c640f9a98aef48bd9.exe
1796	Unicorn-29103.exe
2404	b187d6ced8e79b8c640f9a98aef48bd9.exe
2328	Unicorn-52813.exe
2328	Unicorn-52813.exe
1796	Unicorn-29103.exe
2692	Unicorn-37031.exe
1796	Unicorn-29103.exe
2692	Unicorn-37031.exe
1344	WerFault.exe
1344	WerFault.exe
1344	WerFault.exe
1344	WerFault.exe
1344	WerFault.exe
1344	WerFault.exe
1344	WerFault.exe
1344	WerFault.exe
1344	WerFault.exe
2916	Unicorn-58926.exe
2916	Unicorn-58926.exe
2328	Unicorn-52813.exe
2328	Unicorn-52813.exe
2616	Unicorn-43144.exe
2616	Unicorn-43144.exe
2564	Unicorn-28200.exe
2564	Unicorn-28200.exe
2692	Unicorn-37031.exe
2692	Unicorn-37031.exe
1100	WerFault.exe
1100	WerFault.exe
1100	WerFault.exe
1100	WerFault.exe
1100	WerFault.exe
1100	WerFault.exe
1100	WerFault.exe
1100	WerFault.exe
1100	WerFault.exe
2380	WerFault.exe
2380	WerFault.exe
2380	WerFault.exe
2380	WerFault.exe
2380	WerFault.exe
2380	WerFault.exe
2380	WerFault.exe
2380	WerFault.exe
2380	WerFault.exe
288	Unicorn-43960.exe
288	Unicorn-43960.exe
2236	Unicorn-33099.exe
2236	Unicorn-33099.exe
2940	Unicorn-20847.exe
2940	Unicorn-20847.exe
2916	Unicorn-58926.exe
2916	Unicorn-58926.exe
2616	Unicorn-43144.exe
2616	Unicorn-43144.exe
1528	Unicorn-31707.exe
1528	Unicorn-31707.exe
2564	Unicorn-28200.exe
2564	Unicorn-28200.exe
2456	WerFault.exe

Program crash 35 IoCs

pid	pid_target	Process	procid_target
2820	2404	WerFault.exe	27
1344	1796	WerFault.exe	28
1100	2328	WerFault.exe	29
2380	2692	WerFault.exe	30
2456	2916	WerFault.exe	32
1552	2616	WerFault.exe	34
1144	2564	WerFault.exe	33
2768	2940	WerFault.exe	36
2788	2236	WerFault.exe	39
3040	1528	WerFault.exe	40
1028	1632	WerFault.exe	38
2076	1808	WerFault.exe	43
1036	2092	WerFault.exe	47
1184	1148	WerFault.exe	44
1032	900	WerFault.exe	49
2748	1608	WerFault.exe	62
1968	1692	WerFault.exe	61
1508	2148	WerFault.exe	60
472	2752	WerFault.exe	48
1620	1716	WerFault.exe	58
1496	2280	WerFault.exe	57
1932	288	WerFault.exe	37
2312	2156	WerFault.exe	71
2068	2136	WerFault.exe	63
1244	1784	WerFault.exe	56
2192	1984	WerFault.exe	70
2432	1820	WerFault.exe	53
2084	1168	WerFault.exe	55
1256	2020	WerFault.exe	45
884	2676	WerFault.exe	68
2756	868	WerFault.exe	59
2856	2268	WerFault.exe	46
3192	2804	WerFault.exe	65
3200	2012	WerFault.exe	64
3248	2928	WerFault.exe	72

Suspicious use of SetWindowsHookEx 50 IoCs

pid	Process
2404	b187d6ced8e79b8c640f9a98aef48bd9.exe
1796	Unicorn-29103.exe
2328	Unicorn-52813.exe
2692	Unicorn-37031.exe
2916	Unicorn-58926.exe
2564	Unicorn-28200.exe
2616	Unicorn-43144.exe
2940	Unicorn-20847.exe
288	Unicorn-43960.exe
2236	Unicorn-33099.exe
1528	Unicorn-31707.exe
1632	Unicorn-43405.exe
1808	Unicorn-23945.exe
1148	Unicorn-50587.exe
2020	Unicorn-46503.exe
2092	Unicorn-20415.exe
2752	Unicorn-40281.exe
2268	Unicorn-6025.exe
900	Unicorn-57172.exe
1820	Unicorn-19944.exe
740	Unicorn-45195.exe
1168	Unicorn-21890.exe
1784	Unicorn-8246.exe
1716	Unicorn-36280.exe
2280	Unicorn-47141.exe
2148	Unicorn-28688.exe
1692	Unicorn-20328.exe
1608	Unicorn-20328.exe
868	Unicorn-55885.exe
2012	Unicorn-18190.exe
2136	Unicorn-462.exe
2804	Unicorn-58921.exe
2676	Unicorn-16497.exe
1984	Unicorn-8905.exe
1000	Unicorn-38309.exe
2156	Unicorn-2128.exe
2928	Unicorn-20603.exe
996	Unicorn-2683.exe
1764	Unicorn-38693.exe
3020	Unicorn-59881.exe
1288	Unicorn-56529.exe
824	Unicorn-33286.exe
2056	Unicorn-27401.exe
1996	Unicorn-36663.exe
992	Unicorn-7535.exe
736	Unicorn-15750.exe
1212	Unicorn-47354.exe
2228	Unicorn-52253.exe
1516	Unicorn-27401.exe
1308	Unicorn-20218.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 1796	2404	b187d6ced8e79b8c640f9a98aef48bd9.exe	28
PID 2404 wrote to memory of 1796	2404	b187d6ced8e79b8c640f9a98aef48bd9.exe	28
PID 2404 wrote to memory of 1796	2404	b187d6ced8e79b8c640f9a98aef48bd9.exe	28
PID 2404 wrote to memory of 1796	2404	b187d6ced8e79b8c640f9a98aef48bd9.exe	28
PID 1796 wrote to memory of 2328	1796	Unicorn-29103.exe	29
PID 1796 wrote to memory of 2328	1796	Unicorn-29103.exe	29
PID 1796 wrote to memory of 2328	1796	Unicorn-29103.exe	29
PID 1796 wrote to memory of 2328	1796	Unicorn-29103.exe	29
PID 2404 wrote to memory of 2692	2404	b187d6ced8e79b8c640f9a98aef48bd9.exe	30
PID 2404 wrote to memory of 2692	2404	b187d6ced8e79b8c640f9a98aef48bd9.exe	30
PID 2404 wrote to memory of 2692	2404	b187d6ced8e79b8c640f9a98aef48bd9.exe	30
PID 2404 wrote to memory of 2692	2404	b187d6ced8e79b8c640f9a98aef48bd9.exe	30
PID 2404 wrote to memory of 2820	2404	b187d6ced8e79b8c640f9a98aef48bd9.exe	31
PID 2404 wrote to memory of 2820	2404	b187d6ced8e79b8c640f9a98aef48bd9.exe	31
PID 2404 wrote to memory of 2820	2404	b187d6ced8e79b8c640f9a98aef48bd9.exe	31
PID 2404 wrote to memory of 2820	2404	b187d6ced8e79b8c640f9a98aef48bd9.exe	31
PID 2328 wrote to memory of 2916	2328	Unicorn-52813.exe	32
PID 2328 wrote to memory of 2916	2328	Unicorn-52813.exe	32
PID 2328 wrote to memory of 2916	2328	Unicorn-52813.exe	32
PID 2328 wrote to memory of 2916	2328	Unicorn-52813.exe	32
PID 1796 wrote to memory of 2616	1796	Unicorn-29103.exe	34
PID 1796 wrote to memory of 2616	1796	Unicorn-29103.exe	34
PID 1796 wrote to memory of 2616	1796	Unicorn-29103.exe	34
PID 1796 wrote to memory of 2616	1796	Unicorn-29103.exe	34
PID 2692 wrote to memory of 2564	2692	Unicorn-37031.exe	33
PID 2692 wrote to memory of 2564	2692	Unicorn-37031.exe	33
PID 2692 wrote to memory of 2564	2692	Unicorn-37031.exe	33
PID 2692 wrote to memory of 2564	2692	Unicorn-37031.exe	33
PID 1796 wrote to memory of 1344	1796	Unicorn-29103.exe	35
PID 1796 wrote to memory of 1344	1796	Unicorn-29103.exe	35
PID 1796 wrote to memory of 1344	1796	Unicorn-29103.exe	35
PID 1796 wrote to memory of 1344	1796	Unicorn-29103.exe	35
PID 2916 wrote to memory of 2940	2916	Unicorn-58926.exe	36
PID 2916 wrote to memory of 2940	2916	Unicorn-58926.exe	36
PID 2916 wrote to memory of 2940	2916	Unicorn-58926.exe	36
PID 2916 wrote to memory of 2940	2916	Unicorn-58926.exe	36
PID 2328 wrote to memory of 288	2328	Unicorn-52813.exe	37
PID 2328 wrote to memory of 288	2328	Unicorn-52813.exe	37
PID 2328 wrote to memory of 288	2328	Unicorn-52813.exe	37
PID 2328 wrote to memory of 288	2328	Unicorn-52813.exe	37
PID 2616 wrote to memory of 2236	2616	Unicorn-43144.exe	39
PID 2616 wrote to memory of 2236	2616	Unicorn-43144.exe	39
PID 2616 wrote to memory of 2236	2616	Unicorn-43144.exe	39
PID 2616 wrote to memory of 2236	2616	Unicorn-43144.exe	39
PID 2564 wrote to memory of 1632	2564	Unicorn-28200.exe	38
PID 2564 wrote to memory of 1632	2564	Unicorn-28200.exe	38
PID 2564 wrote to memory of 1632	2564	Unicorn-28200.exe	38
PID 2564 wrote to memory of 1632	2564	Unicorn-28200.exe	38
PID 2692 wrote to memory of 1528	2692	Unicorn-37031.exe	40
PID 2692 wrote to memory of 1528	2692	Unicorn-37031.exe	40
PID 2692 wrote to memory of 1528	2692	Unicorn-37031.exe	40
PID 2692 wrote to memory of 1528	2692	Unicorn-37031.exe	40
PID 2328 wrote to memory of 1100	2328	Unicorn-52813.exe	41
PID 2328 wrote to memory of 1100	2328	Unicorn-52813.exe	41
PID 2328 wrote to memory of 1100	2328	Unicorn-52813.exe	41
PID 2328 wrote to memory of 1100	2328	Unicorn-52813.exe	41
PID 2692 wrote to memory of 2380	2692	Unicorn-37031.exe	42
PID 2692 wrote to memory of 2380	2692	Unicorn-37031.exe	42
PID 2692 wrote to memory of 2380	2692	Unicorn-37031.exe	42
PID 2692 wrote to memory of 2380	2692	Unicorn-37031.exe	42
PID 288 wrote to memory of 1808	288	Unicorn-43960.exe	43
PID 288 wrote to memory of 1808	288	Unicorn-43960.exe	43
PID 288 wrote to memory of 1808	288	Unicorn-43960.exe	43
PID 288 wrote to memory of 1808	288	Unicorn-43960.exe	43

C:\Users\Admin\AppData\Local\Temp\b187d6ced8e79b8c640f9a98aef48bd9.exe
"C:\Users\Admin\AppData\Local\Temp\b187d6ced8e79b8c640f9a98aef48bd9.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29103.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29103.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52813.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52813.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58926.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20847.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46503.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36280.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20603.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 380
        9⤵
        Program crash
        
        PID:3248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 372
        8⤵
        Program crash
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2683.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 372
        7⤵
        Program crash
        
        PID:1256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55885.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15750.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 372
        7⤵
        Program crash
        
        PID:2756
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 368
        6⤵
        Program crash
        
        PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6025.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20328.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 380
        7⤵
        Program crash
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7535.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:992
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 372
        6⤵
        Program crash
        
        PID:2856
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 380
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43960.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23945.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19944.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58921.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56529.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 380
        8⤵
        Program crash
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36663.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 372
        7⤵
        Program crash
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16497.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20218.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 372
        7⤵
        Program crash
        
        PID:884
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 384
        6⤵
        Program crash
        
        PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45195.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:740
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 372
        5⤵
        Program crash
        
        PID:1932
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 372
      4⤵
      Loads dropped DLL
      Program crash
      PID:1100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43144.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43144.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33099.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50587.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21890.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38309.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 372
        7⤵
        Program crash
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33286.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 372
        7⤵
        Program crash
        
        PID:2192
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 380
        6⤵
        Program crash
        
        PID:1184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8246.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2128.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52253.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 380
        7⤵
        Program crash
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47354.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1212
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 372
        6⤵
        Program crash
        
        PID:1244
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 376
        5⤵
        Program crash
        
        PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20415.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18190.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27401.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 380
        6⤵
        Program crash
        
        PID:3200
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 380
        5⤵
        Program crash
        
        PID:1036
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 380
      4⤵
      Program crash
      PID:1552
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 372
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1344
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37031.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37031.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28200.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28200.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43405.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47141.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59881.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 380
        6⤵
        Program crash
        
        PID:1496
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 376
        5⤵
        Program crash
        
        PID:1028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57172.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20328.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 384
        6⤵
        Program crash
        
        PID:2748
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 380
        5⤵
        Program crash
        
        PID:1032
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 376
      4⤵
      Program crash
      PID:1144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31707.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31707.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40281.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28688.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38693.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 380
        6⤵
        Program crash
        
        PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33217.exe
        5⤵
        Executes dropped EXE
        
        PID:2632
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 372
        5⤵
        Program crash
        
        PID:472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-462.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27401.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 380
        5⤵
        Program crash
        
        PID:2068
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 368
      4⤵
      Program crash
      PID:3040
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 380
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2380
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 384
  2⤵
  - Program crash
  PID:2820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-28200.exe

Filesize
184KB

MD5
56eccbf0373a9eeccd9790e341a6724b

SHA1
aa9cde5a9189f5587412528a49f825653039baa6

SHA256
9f827925cc4d9716cbe42d41069733c19a09e6e1a6d06a4932be09a0c917b563

SHA512
402e255b24bb4575093ba68214e8ae8a929a138038ae7b4323d8cca2df5e84239535357a54448c71014f543d514cc60e1bd967cfd548716d853ea5d7358045b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29103.exe

Filesize
184KB

MD5
d3d1e21296e00d938e0b20fa33d5cf6f

SHA1
597f8c6b719fbdf1fb66bdd0b54f731e291437d4

SHA256
196ebe88537d078bd4ec727345fdb72c14b3d13f7cbfe1b97aee7f88096d0280

SHA512
0dd7e79c028425ea9ca0d643e3b0644a99889062dd9df542a535ccec3293c6730a5ccb01bbef4c7c9d6344e576e2306dbbdfaaccb9df618a3842c9bc95937320

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37031.exe

Filesize
184KB

MD5
0d00b71dda6a349fa10eb4084c1c720f

SHA1
d2486b4a87a90ed9f568a99197a4eda08943100d

SHA256
37f2068b8cba1d1ef365655bc276d16a22f9ce0b992460ace7ab292702fdab34

SHA512
18ea981f1b74d267fd00454717f89c98e17f05326152e378e447f2eeec05131ed2ae57ee7df126aae562c8f27f588c9d84f6ae284cbbb8b06193784d6a2e84c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43960.exe

Filesize
184KB

MD5
5c1ccc2a332afb4dc1167eed0e1498ac

SHA1
60a8e34160fb63dadfcb2f433148ce842b9dcc47

SHA256
900504ae25ea2ca5936b1797230043e66a9372b614d22740119edfa5a13cee60

SHA512
ddcb4c508324f785214e1c9562b9ed6361e9d52870890e9d9e09a6e7cc2d6e77d4aef8e4cb38b78b20361288d16da86dbee3f7255d2910cf06257eb00dfe898b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20847.exe

Filesize
184KB

MD5
533905c07c5f2f2b47ea9c1a8e46eaee

SHA1
654c57c893d8b224726990e20aa83e7400aecf8f

SHA256
6ceb839a8b1a09c862d6b8cceba915d5c4e9d393bab91ccc727368f078ec4afd

SHA512
8686630d396552c3e24ef344d62a1c8e1cbe47eb9c6caa63a74f1e8d1bf97540fb4e33ef001a8ca11d66ebccf24158c000f319f280755209f81bcaef0bf2331e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29103.exe

Filesize
183KB

MD5
e7d9f799b45b2e98ec7cc4acd1e53449

SHA1
5a1e4ef75cdf3199268ee9d4fac88d175e309b73

SHA256
2d6a516aaf286a0c327f09106a29bb81e233e879d02fc05098145985869bedab

SHA512
54d5559b7ab974576c6762bdb3b268826a4270c650eb3a8e6ea8b169f61d87791ec8b269aa96d65e5c8e525ab2fe8427e6258e25ccea4f86edba3b7b500fe5ad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31707.exe

Filesize
184KB

MD5
db56075c0ce856febed665e90dec70f3

SHA1
2340a2d53da43fe9e3bc6712a98cc422d4268afe

SHA256
f568fc7c18b9f8ca91fafcb6bf7f5c19353dbabb85bfe65070f70db6a2b1f12a

SHA512
c6d9d36a9aa3c6976007d0a468bfbf15021170ccf8d73c77e5b137bfa630cdfc070e42270e48667f0b219342811e982fedeb53ad0b70ca440ab901f04c5395ce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33099.exe

Filesize
184KB

MD5
ac30a4c5f5342d9c57d1e428eaa49008

SHA1
c2f69763d881334ee35355178ba1b65791ccee5c

SHA256
1246af763dfdfa20df86b4c22043422a2bac2481ae4c43af200972d0af01c83a

SHA512
82821c85c4f5c7ad68b4a3f2f35f06542b8c3a3015fcd22787cedbbbabb1b2da8d8dd67bfa84de5619bae206b38e7620f6436b86775289d09ee51cc61f2ae546

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43144.exe

Filesize
184KB

MD5
587141f4daf54ebaca3b2318dfa97f30

SHA1
1e93c5004ff153da5bc935fb10e18961f553e614

SHA256
6f9c6a91ce191e49da84694e9239528077d6b6cb3e13dc44890b58bdf2bc1450

SHA512
bf62dfccb22546c19a2fb2da2b058af3d8d34ab098eeccd9910249ef2493b80357ada112131cba828b751dc8fb8cab70d11ecacc065724c413874d56289b5ac7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43405.exe

Filesize
184KB

MD5
78d3303444e0acec412df4dfb6816f94

SHA1
6c7513df2d035f4f1b206fbf69f3b33d2d7c1502

SHA256
ce26411397160f3895e365a53a02150c0144a308892d1ff7df56dfa874c403ae

SHA512
02a873488cc3500b26e0638ad42aebd52308f18935972f74164533b8cfb5a4f2938635cb8066f74ec8f75bf192dc0b516bf81d47e9f2c01194d9ebeeea9ab8fd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52813.exe

Filesize
42KB

MD5
1368dfbac3c36e8589c39454c21a9374

SHA1
fa6b27453523a2a472abb877ea31b641791222b1

SHA256
fdbdc973096ded37577393eec45754262bbcada12fe131e315a4ff8393821fac

SHA512
81e8882f175adc359167a32bda933636d0cb96d65d837e466a8fa054636b76bd9cb11d609286d7da4383ad332e2f5f8b5f86d0368cbe8866ccd370416737d9ff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52813.exe

Filesize
184KB

MD5
1ba42ec11999736716248d1c5053bfbc

SHA1
efc56f3443e2b29d475fb69801daa2c39402479b

SHA256
c9d3119498333672508f55f90c8bb713dc18a7632911fee26c4ada47f6cd8f1e

SHA512
36e44fc26e299d51255f429dda8b091055368e947090a24b4e72b6a3d3f79cc80a017ac50ca96450d1919b844ef4f4b6e4b62e09c75f53959e78c10b6f3939ad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58926.exe

Filesize
184KB

MD5
4dff5fc230b324d3be267a13a3ee4480

SHA1
ee67e713bce5cb70b355aec82e82f5fdb2f3625c

SHA256
d0e7e189c1761680a4b849d659a4fb1838954910eac1bd5d5fdfab5b54769e29

SHA512
22e0ae670c8d557e0ca73f94b5efb9dc0361563005309bd9b56b92959fb1f048a1db9dc972b16b0a66956d64d6a757247dabcade67e6a1dde333276ea7626679

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads