10be7b1f1550969327f43cb3adbc065d607583f13637fb5a089e9351acd87407

Analysis

max time kernel
117s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 17:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe596dfff7cd708273b9e98eedc3be03.exe
Size

184KB
MD5

fe596dfff7cd708273b9e98eedc3be03
SHA1

956d54b7033d854e3e25af0eb4d57ee1ca732f04
SHA256

10be7b1f1550969327f43cb3adbc065d607583f13637fb5a089e9351acd87407
SHA512

28ad18302ea012e29250188d2df4778366258d1f43d38f1b718573aec2d779756e87ee9fb0a505f727ad6307f9e0f40bcda7868099b83b2ccd5373a5e2e11e80
SSDEEP

3072:X6nqoLBfwT6XqiBdZKxqzHCBYh6NJ2IwcrlPQP517lSdppuT:X6qota6XLdMxqza3N+7lSdp8

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 30 IoCs

pid	Process
808	Unicorn-40757.exe
2104	Unicorn-22942.exe
2768	Unicorn-27109.exe
2380	Unicorn-5894.exe
3056	Unicorn-40788.exe
368	Unicorn-378.exe
2812	Unicorn-48593.exe
1484	Unicorn-10165.exe
2196	Unicorn-49143.exe
2468	Unicorn-14763.exe
836	Unicorn-6185.exe
1936	Unicorn-6268.exe
2432	Unicorn-23949.exe
2792	Unicorn-46590.exe
1956	Unicorn-34385.exe
1512	Unicorn-16871.exe
1728	Unicorn-25122.exe
2688	Unicorn-52039.exe
1960	Unicorn-38801.exe
2640	Unicorn-61982.exe
2816	Unicorn-36767.exe
2808	Unicorn-30436.exe
1324	Unicorn-34603.exe
1492	Unicorn-63993.exe
1000	Unicorn-33350.exe
1224	Unicorn-51030.exe
1832	Unicorn-28555.exe
1104	Unicorn-47652.exe
2252	Unicorn-65140.exe
1352	Unicorn-65415.exe

Loads dropped DLL 64 IoCs

pid	Process
2096	fe596dfff7cd708273b9e98eedc3be03.exe
2096	fe596dfff7cd708273b9e98eedc3be03.exe
808	Unicorn-40757.exe
808	Unicorn-40757.exe
2712	WerFault.exe
2712	WerFault.exe
2712	WerFault.exe
2712	WerFault.exe
2712	WerFault.exe
2104	Unicorn-22942.exe
2104	Unicorn-22942.exe
2592	WerFault.exe
2592	WerFault.exe
2592	WerFault.exe
2592	WerFault.exe
2592	WerFault.exe
2768	Unicorn-27109.exe
2768	Unicorn-27109.exe
320	WerFault.exe
320	WerFault.exe
320	WerFault.exe
320	WerFault.exe
320	WerFault.exe
2380	Unicorn-5894.exe
2380	Unicorn-5894.exe
2308	WerFault.exe
2308	WerFault.exe
2308	WerFault.exe
2308	WerFault.exe
2308	WerFault.exe
3056	Unicorn-40788.exe
3056	Unicorn-40788.exe
664	WerFault.exe
664	WerFault.exe
664	WerFault.exe
664	WerFault.exe
664	WerFault.exe
368	Unicorn-378.exe
368	Unicorn-378.exe
812	WerFault.exe
812	WerFault.exe
812	WerFault.exe
812	WerFault.exe
812	WerFault.exe
2812	Unicorn-48593.exe
2812	Unicorn-48593.exe
2972	WerFault.exe
2972	WerFault.exe
2972	WerFault.exe
2972	WerFault.exe
2972	WerFault.exe
1484	Unicorn-10165.exe
1484	Unicorn-10165.exe
2076	WerFault.exe
2076	WerFault.exe
2076	WerFault.exe
2076	WerFault.exe
2076	WerFault.exe
2196	Unicorn-49143.exe
2196	Unicorn-49143.exe
640	WerFault.exe
640	WerFault.exe
640	WerFault.exe
640	WerFault.exe

Program crash 31 IoCs

pid	pid_target	Process	procid_target
2436	2096	WerFault.exe	27
2712	808	WerFault.exe	28
2592	2104	WerFault.exe	30
320	2768	WerFault.exe	32
2308	2380	WerFault.exe	34
664	3056	WerFault.exe	36
812	368	WerFault.exe	38
2972	2812	WerFault.exe	40
2076	1484	WerFault.exe	42
640	2196	WerFault.exe	46
2440	2468	WerFault.exe	48
1588	836	WerFault.exe	50
1096	1936	WerFault.exe	52
2336	2432	WerFault.exe	54
2328	2792	WerFault.exe	56
852	1956	WerFault.exe	58
2568	1512	WerFault.exe	60
2872	1728	WerFault.exe	62
2868	2688	WerFault.exe	64
1924	1960	WerFault.exe	66
3048	2640	WerFault.exe	68
1644	2816	WerFault.exe	70
676	2808	WerFault.exe	72
2968	1324	WerFault.exe	74
1980	1492	WerFault.exe	76
1696	1000	WerFault.exe	78
1300	1224	WerFault.exe	80
616	1832	WerFault.exe	82
884	1104	WerFault.exe	84
1976	2252	WerFault.exe	86
2748	1352	WerFault.exe	88

Suspicious use of SetWindowsHookEx 31 IoCs

pid	Process
2096	fe596dfff7cd708273b9e98eedc3be03.exe
808	Unicorn-40757.exe
2104	Unicorn-22942.exe
2768	Unicorn-27109.exe
2380	Unicorn-5894.exe
3056	Unicorn-40788.exe
368	Unicorn-378.exe
2812	Unicorn-48593.exe
1484	Unicorn-10165.exe
2196	Unicorn-49143.exe
2468	Unicorn-14763.exe
836	Unicorn-6185.exe
1936	Unicorn-6268.exe
2432	Unicorn-23949.exe
2792	Unicorn-46590.exe
1956	Unicorn-34385.exe
1512	Unicorn-16871.exe
1728	Unicorn-25122.exe
2688	Unicorn-52039.exe
1960	Unicorn-38801.exe
2640	Unicorn-61982.exe
2816	Unicorn-36767.exe
2808	Unicorn-30436.exe
1324	Unicorn-34603.exe
1492	Unicorn-63993.exe
1000	Unicorn-33350.exe
1224	Unicorn-51030.exe
1832	Unicorn-28555.exe
1104	Unicorn-47652.exe
2252	Unicorn-65140.exe
1352	Unicorn-65415.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2096 wrote to memory of 808	2096	fe596dfff7cd708273b9e98eedc3be03.exe	28
PID 2096 wrote to memory of 808	2096	fe596dfff7cd708273b9e98eedc3be03.exe	28
PID 2096 wrote to memory of 808	2096	fe596dfff7cd708273b9e98eedc3be03.exe	28
PID 2096 wrote to memory of 808	2096	fe596dfff7cd708273b9e98eedc3be03.exe	28
PID 2096 wrote to memory of 2436	2096	fe596dfff7cd708273b9e98eedc3be03.exe	29
PID 2096 wrote to memory of 2436	2096	fe596dfff7cd708273b9e98eedc3be03.exe	29
PID 2096 wrote to memory of 2436	2096	fe596dfff7cd708273b9e98eedc3be03.exe	29
PID 2096 wrote to memory of 2436	2096	fe596dfff7cd708273b9e98eedc3be03.exe	29
PID 808 wrote to memory of 2104	808	Unicorn-40757.exe	30
PID 808 wrote to memory of 2104	808	Unicorn-40757.exe	30
PID 808 wrote to memory of 2104	808	Unicorn-40757.exe	30
PID 808 wrote to memory of 2104	808	Unicorn-40757.exe	30
PID 808 wrote to memory of 2712	808	Unicorn-40757.exe	31
PID 808 wrote to memory of 2712	808	Unicorn-40757.exe	31
PID 808 wrote to memory of 2712	808	Unicorn-40757.exe	31
PID 808 wrote to memory of 2712	808	Unicorn-40757.exe	31
PID 2104 wrote to memory of 2768	2104	Unicorn-22942.exe	32
PID 2104 wrote to memory of 2768	2104	Unicorn-22942.exe	32
PID 2104 wrote to memory of 2768	2104	Unicorn-22942.exe	32
PID 2104 wrote to memory of 2768	2104	Unicorn-22942.exe	32
PID 2104 wrote to memory of 2592	2104	Unicorn-22942.exe	33
PID 2104 wrote to memory of 2592	2104	Unicorn-22942.exe	33
PID 2104 wrote to memory of 2592	2104	Unicorn-22942.exe	33
PID 2104 wrote to memory of 2592	2104	Unicorn-22942.exe	33
PID 2768 wrote to memory of 2380	2768	Unicorn-27109.exe	34
PID 2768 wrote to memory of 2380	2768	Unicorn-27109.exe	34
PID 2768 wrote to memory of 2380	2768	Unicorn-27109.exe	34
PID 2768 wrote to memory of 2380	2768	Unicorn-27109.exe	34
PID 2768 wrote to memory of 320	2768	Unicorn-27109.exe	35
PID 2768 wrote to memory of 320	2768	Unicorn-27109.exe	35
PID 2768 wrote to memory of 320	2768	Unicorn-27109.exe	35
PID 2768 wrote to memory of 320	2768	Unicorn-27109.exe	35
PID 2380 wrote to memory of 3056	2380	Unicorn-5894.exe	36
PID 2380 wrote to memory of 3056	2380	Unicorn-5894.exe	36
PID 2380 wrote to memory of 3056	2380	Unicorn-5894.exe	36
PID 2380 wrote to memory of 3056	2380	Unicorn-5894.exe	36
PID 2380 wrote to memory of 2308	2380	Unicorn-5894.exe	37
PID 2380 wrote to memory of 2308	2380	Unicorn-5894.exe	37
PID 2380 wrote to memory of 2308	2380	Unicorn-5894.exe	37
PID 2380 wrote to memory of 2308	2380	Unicorn-5894.exe	37
PID 3056 wrote to memory of 368	3056	Unicorn-40788.exe	38
PID 3056 wrote to memory of 368	3056	Unicorn-40788.exe	38
PID 3056 wrote to memory of 368	3056	Unicorn-40788.exe	38
PID 3056 wrote to memory of 368	3056	Unicorn-40788.exe	38
PID 3056 wrote to memory of 664	3056	Unicorn-40788.exe	39
PID 3056 wrote to memory of 664	3056	Unicorn-40788.exe	39
PID 3056 wrote to memory of 664	3056	Unicorn-40788.exe	39
PID 3056 wrote to memory of 664	3056	Unicorn-40788.exe	39
PID 368 wrote to memory of 2812	368	Unicorn-378.exe	40
PID 368 wrote to memory of 2812	368	Unicorn-378.exe	40
PID 368 wrote to memory of 2812	368	Unicorn-378.exe	40
PID 368 wrote to memory of 2812	368	Unicorn-378.exe	40
PID 368 wrote to memory of 812	368	Unicorn-378.exe	41
PID 368 wrote to memory of 812	368	Unicorn-378.exe	41
PID 368 wrote to memory of 812	368	Unicorn-378.exe	41
PID 368 wrote to memory of 812	368	Unicorn-378.exe	41
PID 2812 wrote to memory of 1484	2812	Unicorn-48593.exe	42
PID 2812 wrote to memory of 1484	2812	Unicorn-48593.exe	42
PID 2812 wrote to memory of 1484	2812	Unicorn-48593.exe	42
PID 2812 wrote to memory of 1484	2812	Unicorn-48593.exe	42
PID 2812 wrote to memory of 2972	2812	Unicorn-48593.exe	43
PID 2812 wrote to memory of 2972	2812	Unicorn-48593.exe	43
PID 2812 wrote to memory of 2972	2812	Unicorn-48593.exe	43
PID 2812 wrote to memory of 2972	2812	Unicorn-48593.exe	43

C:\Users\Admin\AppData\Local\Temp\fe596dfff7cd708273b9e98eedc3be03.exe
"C:\Users\Admin\AppData\Local\Temp\fe596dfff7cd708273b9e98eedc3be03.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40757.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40757.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22942.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22942.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27109.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5894.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40788.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-378.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48593.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10165.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49143.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14763.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6185.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6268.exe
        13⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23949.exe
        14⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46590.exe
        15⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34385.exe
        16⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16871.exe
        17⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25122.exe
        18⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52039.exe
        19⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38801.exe
        20⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61982.exe
        21⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36767.exe
        22⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
        23⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34603.exe
        24⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63993.exe
        25⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33350.exe
        26⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51030.exe
        27⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28555.exe
        28⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47652.exe
        29⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65140.exe
        30⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65415.exe
        31⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 240
        32⤵
        Program crash
        
        PID:2748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 236
        31⤵
        Program crash
        
        PID:1976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 236
        30⤵
        Program crash
        
        PID:884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 236
        29⤵
        Program crash
        
        PID:616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 236
        28⤵
        Program crash
        
        PID:1300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 236
        27⤵
        Program crash
        
        PID:1696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 236
        26⤵
        Program crash
        
        PID:1980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 236
        25⤵
        Program crash
        
        PID:2968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 236
        24⤵
        Program crash
        
        PID:676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 236
        23⤵
        Program crash
        
        PID:1644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 236
        22⤵
        Program crash
        
        PID:3048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 236
        21⤵
        Program crash
        
        PID:1924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 236
        20⤵
        Program crash
        
        PID:2868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 236
        19⤵
        Program crash
        
        PID:2872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 236
        18⤵
        Program crash
        
        PID:2568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 236
        17⤵
        Program crash
        
        PID:852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 236
        16⤵
        Program crash
        
        PID:2328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
        15⤵
        Program crash
        
        PID:2336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 236
        14⤵
        Program crash
        
        PID:1096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 236
        13⤵
        Program crash
        
        PID:1588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
        12⤵
        Program crash
        
        PID:2440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 236
        11⤵
        Loads dropped DLL
        Program crash
        
        PID:640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 236
        10⤵
        Loads dropped DLL
        Program crash
        
        PID:2076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 236
        9⤵
        Loads dropped DLL
        Program crash
        
        PID:2972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 368 -s 236
        8⤵
        Loads dropped DLL
        Program crash
        
        PID:812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 236
        7⤵
        Loads dropped DLL
        Program crash
        
        PID:664
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 236
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:2308
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 236
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:320
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:2592
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 236
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2712
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 236
  2⤵
  - Program crash
  PID:2436

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10165.exe

Filesize
184KB

MD5
c1f3831fb196d852d71aaf213a028200

SHA1
71570442b48b2f37cc5089385cb8edc529103fa3

SHA256
d7d07a94481ebb082b18cf51bcc2770010a374f7b2a5c19b50e611a18c508ac1

SHA512
6fffec499974bb2f0bdeda880f5cc513fdebd8a81025d2cb5d293f1e25ddb5976b280f4b6b450e082189bbf67f6c9725aa689edb3c0fcf89f175b705de48d068

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22942.exe

Filesize
184KB

MD5
52c8a9cecdcade6aad851299b04a85eb

SHA1
3c163782bc4a38e564610ace792a42b6e1c7d3b1

SHA256
447d0b01511a10d2566543eb6d84c0a8203deec86c00ad16ae46add4a3eeeb9e

SHA512
72b5a19087bfbb086d88f835728cd0e7ebc33fe2539f414a3705df44ebee12fc298f6234857b262c6d447bb218dc5bd34765643c586f27695432eabe10a235f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22942.exe

Filesize
84KB

MD5
7cef689ddb93ea4e3a4959cd99e342d1

SHA1
c549b39a0700d42dcacb5f6fd21eb091d20474e2

SHA256
161d847c7ad99615bc991190e69ef8ead4605fc496f6bc4738416aa4ca0c0298

SHA512
535dd8e439955cb0db3aafdd4c9c7aeb17b3bca3e890e1aa036922a4962935c633238759cce2473512184dd6e73097f234ead06ca36628fb81e209a1b6651a75

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27109.exe

Filesize
23KB

MD5
95a6241a5cd23cc13042767f67be17f1

SHA1
22bb4b10d0bf2c419a36b911f48ee4878cfb099b

SHA256
0959017271f05c5f2ca3df816586f71518f3e67c6d607c0b388d75da7d0fe047

SHA512
03ea807a924ef3cc2d3f0b05b8b348489766291b825b2678007154ccd23a59e019bfc00d6368e6b8f3c03f19902b814841a4df0c131f93d75d73d254c1f8e5f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27109.exe

Filesize
135KB

MD5
c90ee0ac576a8f1c33dd941d41e518fc

SHA1
3671616942dc2533722b1aa95da15bd1cd34668f

SHA256
653ce9b75d601f5441a45033b389096f35e6ae6221989116f6e7ce219164ceaa

SHA512
1027ba64b3f5cf4cae785e283dc92079906e524b51c7fe239de4998f92b16135a06f66cc6786ca91d734ee4a41511479516e0a6c5b9df7fedcd812e6bbd9c42c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5894.exe

Filesize
57KB

MD5
a6be231e940e8c7025aff1450f8b51ef

SHA1
6c53a8b4bf79a722152ab0a74bd0f8f4ef0542f9

SHA256
20a6fd2a1723283ba7ec60f6637c7819c3ec526215d75e2126aed9a36f9a7678

SHA512
5d40fe892efb637df6e03b684f0b036930a35421c541073801259ec0da9affafe3b558fe650de14bae1c4b993517e32b5a9852d4b81513b29a75e307b323adcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5894.exe

Filesize
102KB

MD5
8737110612e0a6d6279a730112abb8fc

SHA1
85afcfd3f26af90f21f904191b3ec632699e81f2

SHA256
ff405b73c58782f36c052697a1e71b21730da84c231901a6f14115521fb53c59

SHA512
65cca37ff685b20cf34244f07211dd9806e0944ddbe9b10d9644574386edbef8937b9b796b13653b27508bbb2cc328419b46a0289993af1a921b34e6afadd7d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5894.exe

Filesize
184KB

MD5
dee597fd6da836f7b7c01eaccce28b62

SHA1
99a2ea4f2a967645c3f104fb640c2b4f591cd6ba

SHA256
62d75d61c3e36ad399ce53516173667a82acd1ff75a48879b820f7efc6cf4451

SHA512
0ac843d7d1621bd18b13ed7069f584bdbf5a7781fd5d05194251673a05cc4624124439cbca5dc12a94a58f590276518bbfdd4677b2f61d00c2e138420e616c8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6185.exe

Filesize
184KB

MD5
91e4b2c30d3d51456093806c32a83b39

SHA1
2f4ee5e022e873491c2663d4e5fdc65e87bb61dc

SHA256
d629913a987699807d7b7096a60574d7e09c36b1dad97435320cfa1d9c39a3b5

SHA512
dba26ebdf6f82d42c5fe4cb60f039edbf81e7eb953f99ee45b8ee8a82c23926299873ef1290767458cfa7916b4f17206e14117affac1d4b953d6218f71f4089b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6268.exe

Filesize
184KB

MD5
063a8c7ad029887c8010d50207877a04

SHA1
2fe565c7943f244e440f26968194e88ce73b0286

SHA256
218b3c25a986e0bd940c211c607f74d7b9db2a93b1a48b236d143da0dd80f8a9

SHA512
0120d267773b8410512bb35c1f5b2af4c9fba8ff20b50ff8bc2070efd54bc456d70ac4c22fa2a39b93ecee31c1447349d661131a846f5b3f7d773daa0bed814e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22942.exe

Filesize
182KB

MD5
dd90df328d7f702a65207afbb7646fc2

SHA1
f5f558ad6f51daabe326869a84b07271adafee87

SHA256
3dfd68253b6b5ed9dd97d5ce17844668685d2bd222e5b6373cc1497555bd49f5

SHA512
c219c86fee8575b50ec182698c8b8acfc598090402a3af7bdbce71ebfd4674bee27dbf06c740a2793cc6d56c967ac24f156450561f973422df6c3a3467beaffb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22942.exe

Filesize
45KB

MD5
1b04f12901cd84247e31a3068956895c

SHA1
96a1eb44ee9ddff8b2529363b9d50cc4cabb9b73

SHA256
bdf33cc6eaa00133265fe3e1d31f4b493ef0fe33b1bc4b1aa5e055d4311024d0

SHA512
36ce94ba5fd51ab01374116836fb16121ddccb14edfc1ae7cee137ff754f641b30bdd33ac4ac0d231b0b37416f28267087e8388916dd1c0bebd77c2fc43fe4cc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27109.exe

Filesize
32KB

MD5
11369179cb72126fa74c3780abe976c6

SHA1
b485c39d4d933f5cd40e6494ba9868a231e43509

SHA256
9edb39c57b89064057c2b66dd232d7de3200f94f1b466ba15d9e95ae302b2071

SHA512
4f6f55f03a3c2d6039040573b9f57fc4a341719b09ffc0d12b0ceabd52529f5ceec322feb844314b8c7b3dd2cd970638e6048a92a2a66d2318dd91a10d93e84f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27109.exe

Filesize
21KB

MD5
00cf4ca4430ca4ebd8fc5a2069c65d5b

SHA1
b9448d08e1535eca94d5ca4a97bea3ca7206cf95

SHA256
59b5b8ac46b6b11ee329fccdaa4244c4a1a79a263e73836aae6a06bfdef68a25

SHA512
f1cda635c82d19d447cb96f960fe7f943db8ce0b2ffd7a9f967cd257caa137adbb14e9ae86d4d0b92c525a49c1c5c6deae8e07f8bc5b1445cc3b79a3a06eed08

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27109.exe

Filesize
49KB

MD5
4033fa8c189abd5fe0e4963a0745b208

SHA1
e0fdd76818dc5002af29481709765b38fe9ad04b

SHA256
f2b17c313d7b4e538a107904faa7720da2bcaa5758a8b1064ca65b0622be6136

SHA512
dbf1ceaed0f67041fd48ff0bd0134c92673637c87f7d2031de39809a519e6aef1744e447de70cdaf12628c12034522a3864cc9fe8ce48add30a6d4904a582210

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27109.exe

Filesize
61KB

MD5
aec529db99e2363c815e8578d20f1e94

SHA1
56c9fb194ddc6821e1905f63405073c44d2465c5

SHA256
5140365d0fe8f10990fdb55762c5a93bb18b04d64dc5fe3c3b35dd59511c5caf

SHA512
c9f92924e154e93dfdac5c9360b442945669b296b0d47c062f329aac80450228d8893568de7d05f113f561815619ac170abc251408d43655181939a47bd00c14

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27109.exe

Filesize
67KB

MD5
e71776d37c36cdac58f8a370061d7255

SHA1
6765f76af53cb8adee446be913a778df876d9187

SHA256
6b903d221eda487293fd612f425819d04473847cfe382d460e8b06506cf66647

SHA512
c0a9dc95fac40045ab4564f9f50892fb0b910f527833132f69adaf94f0447c0a214ba0e3b5d6def6fb82abe545ef5d01a5395b61ec206fbf2fdc627cf97e8657

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27109.exe

Filesize
86KB

MD5
1c1b43d504f51003a353b4048c623fe8

SHA1
f5052bc7bd5cafbf203596cc4a4fc12cc8301604

SHA256
97b048205d195bfb046f028ece93d3de91d25082a3654261399ff62e2576b742

SHA512
afe11433a0412831f02ce5206a1ebf0f675a6ba54ecdd2e6c1ba0a55aae8d216f57f1b0c64ebe07541cbd382be53a61e83ebe85d391a9bacfa3f289a675503f8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27109.exe

Filesize
41KB

MD5
06c1a3e47c9f4fd7c8d4d5771a3b7a0a

SHA1
2abce00da1ff3ce17a6f63344b81b80dff7e29ef

SHA256
211434ffcc7e6504ec1c8fb7128bbd2cb3a586cfd02fefb51a500dd07e2a5715

SHA512
90acbc4c3139f3c1e74314b22c9022e48497c332a94103c4d832bcfe95bf35e59c4734193eb3181042b147fc87163f4923b0ed1ec1f2d928440ee4d1b624bc9b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-378.exe

Filesize
184KB

MD5
504bbc7454a9d60c7409749b6e31679d

SHA1
5e15ae135af2d71259ffbaa360f77284c02cc9f9

SHA256
a71f1571114e69684e627d671722cd4cd4b187e748f0b0275a54c10cfdd9035e

SHA512
13132245d51796d06ff4f3236d10277a96633b90dc0a0a0b4768787aaf188f2e900be6ea09f08194cbf60bec4a24986ade1340e97aab2cb33473c043a04ebe4c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40757.exe

Filesize
160KB

MD5
ffe68d2da18de0e751dcf37254ef838c

SHA1
116e21269c99d086f582045e0a5ee5bbce7781f3

SHA256
17c06ffc1a09ca5eb602734a3fa7c668c292fde25001984e0bedf90dc9b1ca32

SHA512
9c903e43dad9e57685a7d6526e646d12926e1ad2dc73fb2d858a79928b3866bdfc75ab8920ea56da1046b1694e61f0234c8ba4c60f47bebd2f7cc6dcb0dd162d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40757.exe

Filesize
160KB

MD5
688290d50a44aafbd68c9bc323e43c9d

SHA1
a85bcc5a165cf32b902feb6703ad548645cd82e0

SHA256
9458f81c1e168698901fdbb00ee570a97ef877375c76f02d8a933aadf27ba6cb

SHA512
5792900c9abde867258f4e6956db73cb8089843901b94eb327bdafe319880ed7bde6ac79554e71b89f85ae939bf9ec569c7d1c34beaf10ce40455e4387f959cb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40757.exe

Filesize
184KB

MD5
6cbf6d4acebedd21e58dd794d2f9fb11

SHA1
359ce30dc30629c67f22027dd67bbe5ff16daa7f

SHA256
fb1a23c837502c1437b666be2d8143a6988fbb68fdc6f2156cd11f037a86a5e5

SHA512
8ef01d0a1d046c6efd90ac4738e66fe6f0b8d917b14759e8b9b033e8626f562cab191c23bef1d0544973240cda5ad7948f34314f97d092fff6d7d1443d0a9389

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40788.exe

Filesize
184KB

MD5
b6b0aed5d836bb6fb1b6e9667ceb9144

SHA1
8ae33ab84d4e443d95aeff4b00370c5ed5651947

SHA256
c29017d46700ec71b995db13b2330d68e9a35d0dd44c813cfcdb7e4cc0504117

SHA512
8c8b8ba0feb4b4986f21cc98e5df11f8b7e0b95e41b233ab3300cc650b05c1eff79472927df0b5c1fe8d2bee734d485c87bc9f78c869153ea9010ab02204585e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40788.exe

Filesize
64KB

MD5
af1ee743572e9c8df13164c97b82909b

SHA1
41dd49e1f3978017a02d128445b451afe521c173

SHA256
cba7a0fa77e4bd6c14da607bd7deb2fe6f90524cb9d1777a85917512ad0a9fe9

SHA512
963cb3b41c10aa748e31e78faae0e35532abafa3ccc23b6edde2636cad084303f7a56e3ad42d99ec6522d1aa5bfd8e133e25833cbdbefa7d0057f9954c8f3db5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40788.exe

Filesize
155KB

MD5
792389bc594e5359a33fcdcb87bb38b7

SHA1
b37cd6cbacdb758c402c8a393e4c76111d09cde5

SHA256
a4ae3d776cbb88be1c3332af67c819383769e79d829b5b8e58cee1de0f85a89a

SHA512
ba682d065e4747b5a663161ad817328b6f22e75871a4e6fd2d3a47d410ec80702bfcdbd8d61602f05287ab94a44ec65a2fa811e5a83107085cf5ba1abfe94eed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48593.exe

Filesize
184KB

MD5
7bcf45ec47516a475bc6270cafd1af03

SHA1
f899bd1c6f7f09018c94e9756afcc606a077a6c0

SHA256
855c696fdc62e5afb817b86b395b36f0f5890b54439e3495f258a6d29b65302c

SHA512
6f53a33c68870703bdfa1fbf82a05511227d085dee0900cd5accdc3bf1ebd643338c4baea2afd8d423166077a4cd14ab889435392a04eaa8bf78b50af6668507

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5894.exe

Filesize
127KB

MD5
598faea1e90174b15f859f5f2feba284

SHA1
87667b879ad0d95232de87102189cd31555ba145

SHA256
e63cefd1eefaf32fa7cdd9d922edd41cdc423ea4ff6b022e0087258d89ae8907

SHA512
bdb3dd30f527ebe3f3eb5f07f4fbf56c6262f8d6ff10b9f19890fb80c56aa8d4cffa45302b455d8d4fd80807c4043e989c02697a62349cec4c0382e1a9817aa2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5894.exe

Filesize
113KB

MD5
f038452311c21414e756787fd5ac3ee2

SHA1
d379beb7e69038c5d24c9e5499139f960d89896c

SHA256
26da5edb9b8c88b26ac7e2afcce5475327ef3139788f8cf3b7b080930700ba6a

SHA512
fc84f24e8f2a95b2ce4d463a57db2f645ffadeff48be2abcb34e5ae2734c691eb98afb5054637808379835ef3121e2be4a548378325acbdad93c919879cebff3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads