b2aa1702d1b322668c723c6acb9af3ad4ed756cc1f5fd91835f8792b3104a193

Analysis

max time kernel
26s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 18:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00931a92cc37d6c36b6fc438c907cbc5.exe
Size

184KB
MD5

00931a92cc37d6c36b6fc438c907cbc5
SHA1

05edd9e22fc3e15cf4754183f3be59a2c4bdf41f
SHA256

b2aa1702d1b322668c723c6acb9af3ad4ed756cc1f5fd91835f8792b3104a193
SHA512

f94f2cc3c181f025205588ec6daeb57df034373a6373a3adea69d7460ccd42a03820477ee0b4eaac4bdee191d3e5796952b781cbf2cad51640a8337a5f473252
SSDEEP

3072:xKeXouITfUANyO3CKiC8zzFLUkL6a9NksDCxzJdmz7lPvpFN:xKSoblNyhKl8zz/mho7lPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 51 IoCs

pid	Process
616	Unicorn-63241.exe
2344	Unicorn-16999.exe
2776	Unicorn-46142.exe
2684	Unicorn-63392.exe
1288	Unicorn-14191.exe
2660	Unicorn-10470.exe
2132	Unicorn-57113.exe
1648	Unicorn-37055.exe
384	Unicorn-47225.exe
2488	Unicorn-14168.exe
2896	Unicorn-27852.exe
2072	Unicorn-38450.exe
2580	Unicorn-37608.exe
3032	Unicorn-8273.exe
788	Unicorn-40562.exe
584	Unicorn-3976.exe
700	Unicorn-16551.exe
1828	Unicorn-16359.exe
2436	Unicorn-64910.exe
1784	Unicorn-63795.exe
796	Unicorn-59882.exe
1804	Unicorn-13826.exe
1768	Unicorn-10982.exe
3052	Unicorn-14895.exe
844	Unicorn-14319.exe
2464	Unicorn-33837.exe
1604	Unicorn-588.exe
1612	Unicorn-32611.exe
2932	Unicorn-36141.exe
2508	Unicorn-65092.exe
2708	Unicorn-57132.exe
2628	Unicorn-5279.exe
2280	Unicorn-56364.exe
1616	Unicorn-60230.exe
2852	Unicorn-14236.exe
812	Unicorn-85.exe
1892	Unicorn-35446.exe
2664	Unicorn-60827.exe
2844	Unicorn-60827.exe
1732	Unicorn-23857.exe
1724	Unicorn-40385.exe
2088	Unicorn-7329.exe
2560	Unicorn-14231.exe
2024	Unicorn-46219.exe
336	Unicorn-42990.exe
1484	Unicorn-13655.exe
1752	Unicorn-62508.exe
924	Unicorn-6084.exe
2060	Unicorn-38181.exe
1896	Unicorn-64366.exe
2304	Unicorn-18695.exe

Loads dropped DLL 64 IoCs

pid	Process
2532	00931a92cc37d6c36b6fc438c907cbc5.exe
2532	00931a92cc37d6c36b6fc438c907cbc5.exe
616	Unicorn-63241.exe
616	Unicorn-63241.exe
2532	00931a92cc37d6c36b6fc438c907cbc5.exe
2532	00931a92cc37d6c36b6fc438c907cbc5.exe
2776	Unicorn-46142.exe
2776	Unicorn-46142.exe
2344	Unicorn-16999.exe
2344	Unicorn-16999.exe
616	Unicorn-63241.exe
616	Unicorn-63241.exe
864	WerFault.exe
864	WerFault.exe
864	WerFault.exe
864	WerFault.exe
864	WerFault.exe
2684	Unicorn-63392.exe
2684	Unicorn-63392.exe
2776	Unicorn-46142.exe
2776	Unicorn-46142.exe
2660	Unicorn-10470.exe
2660	Unicorn-10470.exe
1288	Unicorn-14191.exe
1288	Unicorn-14191.exe
2344	Unicorn-16999.exe
2344	Unicorn-16999.exe
2824	WerFault.exe
2824	WerFault.exe
2824	WerFault.exe
2824	WerFault.exe
2824	WerFault.exe
1588	WerFault.exe
1588	WerFault.exe
1588	WerFault.exe
1588	WerFault.exe
1588	WerFault.exe
2132	Unicorn-57113.exe
2132	Unicorn-57113.exe
2684	Unicorn-63392.exe
2684	Unicorn-63392.exe
1648	Unicorn-37055.exe
1648	Unicorn-37055.exe
384	Unicorn-47225.exe
384	Unicorn-47225.exe
2660	Unicorn-10470.exe
2660	Unicorn-10470.exe
2896	Unicorn-27852.exe
2896	Unicorn-27852.exe
2488	Unicorn-14168.exe
2488	Unicorn-14168.exe
1288	Unicorn-14191.exe
1288	Unicorn-14191.exe
2248	WerFault.exe
2248	WerFault.exe
2248	WerFault.exe
2248	WerFault.exe
2248	WerFault.exe
2072	Unicorn-38450.exe
2072	Unicorn-38450.exe
2132	Unicorn-57113.exe
2132	Unicorn-57113.exe
3032	Unicorn-8273.exe
3032	Unicorn-8273.exe

Program crash 41 IoCs

pid	pid_target	Process	procid_target
2720	2532	WerFault.exe	27
864	616	WerFault.exe	28
2824	2776	WerFault.exe	30
1588	2344	WerFault.exe	29
2248	2684	WerFault.exe	32
1064	1288	WerFault.exe	33
2160	2660	WerFault.exe	34
3008	2132	WerFault.exe	36
2636	1648	WerFault.exe	37
1688	2896	WerFault.exe	40
1216	2488	WerFault.exe	39
2204	2072	WerFault.exe	43
2996	2580	WerFault.exe	44
2872	1784	WerFault.exe	52
1488	1768	WerFault.exe	58
2568	1616	WerFault.exe	72
840	2708	WerFault.exe	67
1028	3052	WerFault.exe	57
816	584	WerFault.exe	47
2692	700	WerFault.exe	48
592	2464	WerFault.exe	60
1496	1612	WerFault.exe	62
888	844	WerFault.exe	59
768	1828	WerFault.exe	49
672	2932	WerFault.exe	63
2892	1804	WerFault.exe	56
1824	2508	WerFault.exe	64
1252	2436	WerFault.exe	50
2192	2628	WerFault.exe	68
2180	384	WerFault.exe	38
3184	2280	WerFault.exe	69
3296	3032	WerFault.exe	45
3288	1604	WerFault.exe	61
3324	796	WerFault.exe	53
3332	2852	WerFault.exe	73
3428	2024	WerFault.exe	82
3584	2560	WerFault.exe	81
3592	1892	WerFault.exe	75
3956	2664	WerFault.exe	77
3380	924	WerFault.exe	86
3628	2332	WerFault.exe	94

Suspicious use of SetWindowsHookEx 42 IoCs

pid	Process
2532	00931a92cc37d6c36b6fc438c907cbc5.exe
616	Unicorn-63241.exe
2776	Unicorn-46142.exe
2344	Unicorn-16999.exe
2684	Unicorn-63392.exe
2660	Unicorn-10470.exe
1288	Unicorn-14191.exe
2132	Unicorn-57113.exe
1648	Unicorn-37055.exe
384	Unicorn-47225.exe
2488	Unicorn-14168.exe
2896	Unicorn-27852.exe
2072	Unicorn-38450.exe
2580	Unicorn-37608.exe
3032	Unicorn-8273.exe
584	Unicorn-3976.exe
788	Unicorn-40562.exe
700	Unicorn-16551.exe
2436	Unicorn-64910.exe
1828	Unicorn-16359.exe
1784	Unicorn-63795.exe
796	Unicorn-59882.exe
1768	Unicorn-10982.exe
3052	Unicorn-14895.exe
1804	Unicorn-13826.exe
844	Unicorn-14319.exe
1604	Unicorn-588.exe
2508	Unicorn-65092.exe
2932	Unicorn-36141.exe
2464	Unicorn-33837.exe
1612	Unicorn-32611.exe
2708	Unicorn-57132.exe
2628	Unicorn-5279.exe
2280	Unicorn-56364.exe
1616	Unicorn-60230.exe
2852	Unicorn-14236.exe
812	Unicorn-85.exe
2664	Unicorn-60827.exe
1892	Unicorn-35446.exe
2024	Unicorn-46219.exe
1732	Unicorn-23857.exe
1724	Unicorn-40385.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 616	2532	00931a92cc37d6c36b6fc438c907cbc5.exe	28
PID 2532 wrote to memory of 616	2532	00931a92cc37d6c36b6fc438c907cbc5.exe	28
PID 2532 wrote to memory of 616	2532	00931a92cc37d6c36b6fc438c907cbc5.exe	28
PID 2532 wrote to memory of 616	2532	00931a92cc37d6c36b6fc438c907cbc5.exe	28
PID 616 wrote to memory of 2344	616	Unicorn-63241.exe	29
PID 616 wrote to memory of 2344	616	Unicorn-63241.exe	29
PID 616 wrote to memory of 2344	616	Unicorn-63241.exe	29
PID 616 wrote to memory of 2344	616	Unicorn-63241.exe	29
PID 2532 wrote to memory of 2776	2532	00931a92cc37d6c36b6fc438c907cbc5.exe	30
PID 2532 wrote to memory of 2776	2532	00931a92cc37d6c36b6fc438c907cbc5.exe	30
PID 2532 wrote to memory of 2776	2532	00931a92cc37d6c36b6fc438c907cbc5.exe	30
PID 2532 wrote to memory of 2776	2532	00931a92cc37d6c36b6fc438c907cbc5.exe	30
PID 2532 wrote to memory of 2720	2532	00931a92cc37d6c36b6fc438c907cbc5.exe	31
PID 2532 wrote to memory of 2720	2532	00931a92cc37d6c36b6fc438c907cbc5.exe	31
PID 2532 wrote to memory of 2720	2532	00931a92cc37d6c36b6fc438c907cbc5.exe	31
PID 2532 wrote to memory of 2720	2532	00931a92cc37d6c36b6fc438c907cbc5.exe	31
PID 2776 wrote to memory of 2684	2776	Unicorn-46142.exe	32
PID 2776 wrote to memory of 2684	2776	Unicorn-46142.exe	32
PID 2776 wrote to memory of 2684	2776	Unicorn-46142.exe	32
PID 2776 wrote to memory of 2684	2776	Unicorn-46142.exe	32
PID 2344 wrote to memory of 1288	2344	Unicorn-16999.exe	33
PID 2344 wrote to memory of 1288	2344	Unicorn-16999.exe	33
PID 2344 wrote to memory of 1288	2344	Unicorn-16999.exe	33
PID 2344 wrote to memory of 1288	2344	Unicorn-16999.exe	33
PID 616 wrote to memory of 2660	616	Unicorn-63241.exe	34
PID 616 wrote to memory of 2660	616	Unicorn-63241.exe	34
PID 616 wrote to memory of 2660	616	Unicorn-63241.exe	34
PID 616 wrote to memory of 2660	616	Unicorn-63241.exe	34
PID 616 wrote to memory of 864	616	Unicorn-63241.exe	35
PID 616 wrote to memory of 864	616	Unicorn-63241.exe	35
PID 616 wrote to memory of 864	616	Unicorn-63241.exe	35
PID 616 wrote to memory of 864	616	Unicorn-63241.exe	35
PID 2684 wrote to memory of 2132	2684	Unicorn-63392.exe	36
PID 2684 wrote to memory of 2132	2684	Unicorn-63392.exe	36
PID 2684 wrote to memory of 2132	2684	Unicorn-63392.exe	36
PID 2684 wrote to memory of 2132	2684	Unicorn-63392.exe	36
PID 2776 wrote to memory of 1648	2776	Unicorn-46142.exe	37
PID 2776 wrote to memory of 1648	2776	Unicorn-46142.exe	37
PID 2776 wrote to memory of 1648	2776	Unicorn-46142.exe	37
PID 2776 wrote to memory of 1648	2776	Unicorn-46142.exe	37
PID 2660 wrote to memory of 384	2660	Unicorn-10470.exe	38
PID 2660 wrote to memory of 384	2660	Unicorn-10470.exe	38
PID 2660 wrote to memory of 384	2660	Unicorn-10470.exe	38
PID 2660 wrote to memory of 384	2660	Unicorn-10470.exe	38
PID 1288 wrote to memory of 2488	1288	Unicorn-14191.exe	39
PID 1288 wrote to memory of 2488	1288	Unicorn-14191.exe	39
PID 1288 wrote to memory of 2488	1288	Unicorn-14191.exe	39
PID 1288 wrote to memory of 2488	1288	Unicorn-14191.exe	39
PID 2344 wrote to memory of 2896	2344	Unicorn-16999.exe	40
PID 2344 wrote to memory of 2896	2344	Unicorn-16999.exe	40
PID 2344 wrote to memory of 2896	2344	Unicorn-16999.exe	40
PID 2344 wrote to memory of 2896	2344	Unicorn-16999.exe	40
PID 2776 wrote to memory of 2824	2776	Unicorn-46142.exe	41
PID 2776 wrote to memory of 2824	2776	Unicorn-46142.exe	41
PID 2776 wrote to memory of 2824	2776	Unicorn-46142.exe	41
PID 2776 wrote to memory of 2824	2776	Unicorn-46142.exe	41
PID 2344 wrote to memory of 1588	2344	Unicorn-16999.exe	42
PID 2344 wrote to memory of 1588	2344	Unicorn-16999.exe	42
PID 2344 wrote to memory of 1588	2344	Unicorn-16999.exe	42
PID 2344 wrote to memory of 1588	2344	Unicorn-16999.exe	42
PID 2132 wrote to memory of 2072	2132	Unicorn-57113.exe	43
PID 2132 wrote to memory of 2072	2132	Unicorn-57113.exe	43
PID 2132 wrote to memory of 2072	2132	Unicorn-57113.exe	43
PID 2132 wrote to memory of 2072	2132	Unicorn-57113.exe	43

C:\Users\Admin\AppData\Local\Temp\00931a92cc37d6c36b6fc438c907cbc5.exe
"C:\Users\Admin\AppData\Local\Temp\00931a92cc37d6c36b6fc438c907cbc5.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63241.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63241.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16999.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16999.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14191.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14168.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16359.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-588.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60827.exe
        8⤵
        Executes dropped EXE
        
        PID:2844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 380
        8⤵
        Program crash
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23857.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 380
        7⤵
        Program crash
        
        PID:768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32611.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46219.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 380
        8⤵
        Program crash
        
        PID:3428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 380
        7⤵
        Program crash
        
        PID:1496
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 368
        6⤵
        Program crash
        
        PID:1216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64910.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33837.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13655.exe
        7⤵
        Executes dropped EXE
        
        PID:1484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 380
        7⤵
        Program crash
        
        PID:592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62508.exe
        6⤵
        Executes dropped EXE
        
        PID:1752
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 380
        6⤵
        Program crash
        
        PID:1252
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 376
        5⤵
        Program crash
        
        PID:1064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27852.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36141.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60827.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 384
        8⤵
        Program crash
        
        PID:3956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 380
        7⤵
        Program crash
        
        PID:672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40385.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 380
        6⤵
        Program crash
        
        PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65092.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-85.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-85.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:812
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 372
        6⤵
        Program crash
        
        PID:1824
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 380
        5⤵
        Program crash
        
        PID:1688
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 368
      4⤵
      Loads dropped DLL
      Program crash
      PID:1588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10470.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10470.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47225.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40562.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:788
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 384 -s 384
        5⤵
        Program crash
        
        PID:2180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3976.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 380
        7⤵
        Program crash
        
        PID:3592
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 380
        6⤵
        Program crash
        
        PID:888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7329.exe
        5⤵
        Executes dropped EXE
        
        PID:2088
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 372
        5⤵
        Program crash
        
        PID:816
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 376
      4⤵
      Program crash
      PID:2160
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 376
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:864
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46142.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46142.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63392.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63392.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57113.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63795.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38181.exe
        8⤵
        Executes dropped EXE
        
        PID:2060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 380
        8⤵
        Program crash
        
        PID:840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 380
        7⤵
        Program crash
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5279.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48007.exe
        7⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 380
        7⤵
        Program crash
        
        PID:2192
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 380
        6⤵
        Program crash
        
        PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59882.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56364.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48007.exe
        7⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21602.exe
        8⤵
        
        PID:1676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 380
        8⤵
        Program crash
        
        PID:3628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 372
        7⤵
        Program crash
        
        PID:3184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64366.exe
        6⤵
        Executes dropped EXE
        
        PID:1896
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 380
        6⤵
        Program crash
        
        PID:3324
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 368
        5⤵
        Program crash
        
        PID:3008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37608.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14895.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60230.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37444.exe
        7⤵
        
        PID:328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 380
        7⤵
        Program crash
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17578.exe
        6⤵
        
        PID:2360
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 380
        6⤵
        Program crash
        
        PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14236.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18695.exe
        6⤵
        Executes dropped EXE
        
        PID:2304
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 380
        6⤵
        Program crash
        
        PID:3332
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 384
        5⤵
        Program crash
        
        PID:2996
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 376
      4⤵
      Loads dropped DLL
      Program crash
      PID:2248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37055.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37055.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8273.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13826.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14231.exe
        6⤵
        Executes dropped EXE
        
        PID:2560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 384
        7⤵
        Program crash
        
        PID:3584
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 380
        6⤵
        Program crash
        
        PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42990.exe
        5⤵
        Executes dropped EXE
        
        PID:336
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 380
        5⤵
        Program crash
        
        PID:3296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10982.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6084.exe
        5⤵
        Executes dropped EXE
        
        PID:924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54145.exe
        6⤵
        
        PID:4064
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 380
        6⤵
        Program crash
        
        PID:3380
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 380
        5⤵
        Program crash
        
        PID:1488
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 368
      4⤵
      Program crash
      PID:2636
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 376
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2824
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 380
  2⤵
  - Program crash
  PID:2720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10470.exe

Filesize
184KB

MD5
78ce3d098210500e9af295c47a414ea5

SHA1
edf53b188ac079ded0db5eca7526b0a205d1eafd

SHA256
18b9a0df35583d5898dd976eeb57f2dbf9642378b17c6bbdef51ba5023ecdd10

SHA512
793f9e1e0ed83e33767dbfbb558a2df1b96a67860066f1b0b497a3f84559cda64814ab8e8156efa3128b835688f4493f9d7a2c935fe4a6806e5238edbae41e64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40385.exe

Filesize
184KB

MD5
cfae9ccbfda795c0fbfe70ca89815559

SHA1
8d84c2ccb18a0c331155599653ff4ef086dfa2ff

SHA256
c386ac16afe8907b8b4cacab4a5efd717e82ce280a42131119c2245862fc7cbd

SHA512
547632417e211a75898406126a8e787a81ac8ff14507c08654b70d5b2cd69ad5216c9dc87070a98041eea69214d7d08db3dfa6a0587daee4fa0bfbc0b0c95b14

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6084.exe

Filesize
184KB

MD5
0f07271a9bb81878e31df616a72db118

SHA1
2a57b9e3ebcff9b6a05821ab7d79f6be291180b8

SHA256
c1c1f96c45f14363debbcee44bf9465f654aa962213a3a10d5fefde593223a09

SHA512
19db53c1fe7fb20304128aef1c06d9508a42c88677d517f5ed01186c807b7cd0f6ecda986813febcc403d840b4c6ed60820130788bf87c34fecfcf4ffc5f7723

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14168.exe

Filesize
184KB

MD5
71f477299a478cb47eb521c8f7699ae1

SHA1
6b017a23f2ef999568560847492abd3761461774

SHA256
758a00b3af97502937a4f1abba4fec73ca1d2901b46526c551e59f4b6d1ff011

SHA512
16015ccececcdb8ec9f7384cafdc3d8444ddbaf9ef7391c34b580cfe212f6bf3e480858401a8cdf611247db77e785ae0a60949e202d79696f89cd8df733fe88a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14191.exe

Filesize
184KB

MD5
aa94096fee65d85ad81fb632b5fb162b

SHA1
12e256ad08eb90594e218a8acd93a81cdbd65260

SHA256
01754f57aba723e9b136d05c5cf6778c5cc50f86951909bf42826c41daca9e48

SHA512
36cf2a60b14c75b10ea98b8dd72145e17692942c0679016b58cb2db64acb628b0ae62fdda0a47e6ee73cc524a60d063cc195548828dd1924b03573efd089cda2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16999.exe

Filesize
184KB

MD5
2131750c776158c388ceb304f6f26d9b

SHA1
3c1e5468ec0a93a2f7445e5d09775860eafa41f3

SHA256
65615881bd461323c9e05c4ea84bcef5404c0adbe589eed0036588ddc9ceaca0

SHA512
456872e50f461e6c9b8feb5aa36722c6ce613f0894d779412c1ecf209ad0f51bdd612b3956ac6fe9953e072a1e1e061118d97c223a98394b6029f69fd6189a23

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27852.exe

Filesize
184KB

MD5
b102b10f91d4cbda6332a96a2c4725db

SHA1
d2d06e9d8917a0b7bc75cd5500d1aa3201d6fd9f

SHA256
e0928355d6358b6e0dd3723f1a2edbde2bab6d02712750db219ce4affc441d93

SHA512
b4b234537ee3e683cee49d8b60aec29e99bea839aca88d8435925aae01da9a9e189ad13e18feaf418cf208ebb723cfab027c783fb4936b0b8dcafbda9ba02d5a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37055.exe

Filesize
184KB

MD5
5bfc1ee1087fd314fd02f3ecac514311

SHA1
3a6dc620538e230c81a403f710ea655727c41503

SHA256
3cf6f6afd79c1bb0294cae71a9183000aeb6a7f6c7042e73e9a50a42e89f4efb

SHA512
d6a0d62dd8417b8e341fb1d767d8a41620fb0d2d4d2dc79b3c80b97f187969efe28d0ab1ed3e2ef45b4d35b073dc2d6874bd1224e27b331c6ffe871bc67ad710

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37608.exe

Filesize
184KB

MD5
3fa78f33eb3ec9b9e5eaa0b39d54aab0

SHA1
926b08306230d0040b37fd732fd5bc5c1e0be7c3

SHA256
8e94ef81324a5e397782c2c66358ad01124b6f71640445254af45bb8bb443236

SHA512
535d7ab7fe02cdbca3e2ab20dea6c6f0330fbc3acd7a1e962e9b5bdb1a99a74e65fa0380926e9f50156585ff448fe20cea2557f65e3111c52f2a8412b6313420

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe

Filesize
184KB

MD5
aac7c817d146e2c8d279fee4dff3f7c2

SHA1
4ccbb3f0a7efb363fa0c52725c3539a28d7e9763

SHA256
1a6926b297486ffc16ee9f725fff62b6f4e99ddb2ed83fcca3fdb7b290773289

SHA512
a51e4349c203b96aca8f981444195d90b899f33943f3170e880c17d24e0324cb0ff0a8f42aa18b55c97e6a4728b13ed527b5c54884aeae1e48b168fb999c74e1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46142.exe

Filesize
184KB

MD5
2b49cc43e13a359bb176a095bc39764a

SHA1
84a044e000c6c38a837705ad13f510ddd44f7a16

SHA256
93c1e8c93411b55298ae0ee06a54167dc47a28f9bdd69d6698ab966ce3dc67b2

SHA512
b0d48cd52df8d3af6b80f48013affec5d1baab46081c95bce84c3843888088e93dedd74eb3d19bd0b5deeb5922bb2be7f409e78b172eb5cf704892bf820404d6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47225.exe

Filesize
184KB

MD5
52b254b2afe5b79dadf7d61a1535b467

SHA1
6fc23b5581abc33dc20174d24a4d2157f4be378c

SHA256
e9bd1e0031f045dc46b6fc0b2f990d8c86ee6d7c04c603931a066d7ce8267b39

SHA512
254a7b3a2c86b91506b5bc8983b6943866f3a2e1d7c0eba8106c393828f32ab3bf47baf72d457e61f015ad29d4683d2df33a2283a97bd7377aef5538416dbd0a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57113.exe

Filesize
184KB

MD5
686fb5e65661b833105a966d75f3c511

SHA1
87cc01d7a8978a23e6c5180cec061f840fc1881d

SHA256
b5318f200a979b5bf887e56a60f6b21fb1e076c86adb515c8fcb4eadbae64918

SHA512
aebe0cd916dda1c035e2f04a3f1165f39a88e9b3f185784d357b33d08b43f868588fb500ffc5259e7f04f42b985fc3b85dc84d007d8cdf3cb0561f09dad83a23

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63241.exe

Filesize
184KB

MD5
0be599f963c5fb30611d52ade0218ac4

SHA1
f91aa4866ceb3e2f34f72258ff685dff0cb0ff6a

SHA256
19243ff32c02df4a8d605fd02bf067603c64b78e13c07c892fb747eadc528142

SHA512
d8c2bba2b961b1cc002529db51d18761793a6acbde61e7d6640205dc7baaa1aa29361211f288e75efdd419016a0f1910960cf15ba30a39d722f53391db791e3f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63392.exe

Filesize
184KB

MD5
20f0a286e2ffd8eb6f45683cbace7bbc

SHA1
65c208d8cf5151be3486a1637285d350b953b98c

SHA256
7dcbfe03c55dd2b7e95c8a430763b56570baf3e023b5a26a890a13dde85708a1

SHA512
339b3d490d6f188ccf7dabd3c8a66fe3144827517c54f5b5c0c7f7036ff6d238de790b34e0b64da07f0b7e4c07b7abb1bdc724fa29c39626bf744310bc3a1ac1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8273.exe

Filesize
184KB

MD5
3d71c5ba0b899d77dca860751712d6c4

SHA1
4e4aafd0fab81829a95232e360857da093c3a11f

SHA256
89e93f6879c78fda443e67972e8e4b5919260aa1e511cf80cfc031d35b90ae76

SHA512
41365daf61cdac13e45d80b69f26d68a4c8866bb686bcfe27b1a8a94576a0460084c21f13c7b5dd2771cd6313318a0905e80ad3ecc848bf055b408a8be833962

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads