7f362e6152dcf1de902e0462d300f3f2b51bbcff8e3c257cb9e2eaa12b5c364f

Analysis

max time kernel
40s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 22:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e452386fd5d69c654b0a827bc5c8ea9.exe
Size

184KB
MD5

1e452386fd5d69c654b0a827bc5c8ea9
SHA1

f6894549976e8142c7275dbd18e702204aa923d5
SHA256

7f362e6152dcf1de902e0462d300f3f2b51bbcff8e3c257cb9e2eaa12b5c364f
SHA512

3750494bb7d4ec4923c716e0cb07176b8c8c220a91ef932dd23f1dbe49a3c45ba974029c1314b281115d287bb48e594b0cade609932d3155a50e50cb1e9f9a9b
SSDEEP

3072:vL3Fom4L8UT0nOj8MRPuvJ010vKMX8l48ZxKia1WNlPMpFQ:vLVok+0nHMtuvJRMG+NlPMpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 10 IoCs

pid	Process
280	Unicorn-13272.exe
2752	Unicorn-40595.exe
2652	Unicorn-15099.exe
2480	Unicorn-13677.exe
2304	Unicorn-39931.exe
2256	Unicorn-9884.exe
552	Unicorn-23790.exe
1252	Unicorn-62331.exe
2196	Unicorn-57557.exe
2468	Unicorn-30526.exe

Loads dropped DLL 64 IoCs

pid	Process
1716	1e452386fd5d69c654b0a827bc5c8ea9.exe
1716	1e452386fd5d69c654b0a827bc5c8ea9.exe
280	Unicorn-13272.exe
280	Unicorn-13272.exe
2876	WerFault.exe
2876	WerFault.exe
2876	WerFault.exe
2876	WerFault.exe
2876	WerFault.exe
2876	WerFault.exe
2876	WerFault.exe
2752	Unicorn-40595.exe
2752	Unicorn-40595.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2652	Unicorn-15099.exe
2652	Unicorn-15099.exe
2816	WerFault.exe
2816	WerFault.exe
2816	WerFault.exe
2816	WerFault.exe
2816	WerFault.exe
2816	WerFault.exe
2816	WerFault.exe
2480	Unicorn-13677.exe
2480	Unicorn-13677.exe
2952	WerFault.exe
2952	WerFault.exe
2952	WerFault.exe
2952	WerFault.exe
2952	WerFault.exe
2952	WerFault.exe
2952	WerFault.exe
2304	Unicorn-39931.exe
2304	Unicorn-39931.exe
2832	WerFault.exe
2832	WerFault.exe
2832	WerFault.exe
2832	WerFault.exe
2832	WerFault.exe
2832	WerFault.exe
2832	WerFault.exe
2256	Unicorn-9884.exe
2256	Unicorn-9884.exe
1492	WerFault.exe
1492	WerFault.exe
1492	WerFault.exe
1492	WerFault.exe
1492	WerFault.exe
1492	WerFault.exe
1492	WerFault.exe
552	Unicorn-23790.exe
552	Unicorn-23790.exe
2112	WerFault.exe
2112	WerFault.exe
2112	WerFault.exe
2112	WerFault.exe
2112	WerFault.exe
2112	WerFault.exe

Program crash 41 IoCs

pid	pid_target	Process	procid_target
2420	1716	WerFault.exe	15
2876	280	WerFault.exe	29
2616	2752	WerFault.exe	31
2816	2652	WerFault.exe	33
2952	2480	WerFault.exe	35
2832	2304	WerFault.exe	37
1492	2256	WerFault.exe	39
2112	552	WerFault.exe	41
2076	1252	WerFault.exe	44
640	2196	WerFault.exe	46
776	2468	WerFault.exe	48
112	1696	WerFault.exe	50
700	1560	WerFault.exe	52
2044	908	WerFault.exe	54
240	2252	WerFault.exe	56
2524	1228	WerFault.exe	58
1976	1908	WerFault.exe	60
2600	2704	WerFault.exe	62
2308	2756	WerFault.exe	64
2264	2664	WerFault.exe	66
1216	2584	WerFault.exe	68
1224	1456	WerFault.exe	70
1176	3052	WerFault.exe	72
2084	2980	WerFault.exe	74
2460	1284	WerFault.exe	76
2392	1652	WerFault.exe	78
2472	2540	WerFault.exe	80
2300	1844	WerFault.exe	82
476	2464	WerFault.exe	84
2220	2916	WerFault.exe	86
2720	2272	WerFault.exe	88
1920	2348	WerFault.exe	90
2176	1840	WerFault.exe	92
2080	1796	WerFault.exe	94
340	2928	WerFault.exe	96
2332	2260	WerFault.exe	98
1824	1388	WerFault.exe	100
2136	836	WerFault.exe	102
2868	2572	WerFault.exe	104
380	2640	WerFault.exe	106
2992	3036	WerFault.exe	108

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
1716	1e452386fd5d69c654b0a827bc5c8ea9.exe
280	Unicorn-13272.exe
2752	Unicorn-40595.exe
2652	Unicorn-15099.exe
2480	Unicorn-13677.exe
2304	Unicorn-39931.exe
2256	Unicorn-9884.exe
552	Unicorn-23790.exe
1252	Unicorn-62331.exe
2196	Unicorn-57557.exe
2468	Unicorn-30526.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 280	1716	1e452386fd5d69c654b0a827bc5c8ea9.exe	29
PID 1716 wrote to memory of 280	1716	1e452386fd5d69c654b0a827bc5c8ea9.exe	29
PID 1716 wrote to memory of 280	1716	1e452386fd5d69c654b0a827bc5c8ea9.exe	29
PID 1716 wrote to memory of 280	1716	1e452386fd5d69c654b0a827bc5c8ea9.exe	29
PID 1716 wrote to memory of 2420	1716	1e452386fd5d69c654b0a827bc5c8ea9.exe	28
PID 1716 wrote to memory of 2420	1716	1e452386fd5d69c654b0a827bc5c8ea9.exe	28
PID 1716 wrote to memory of 2420	1716	1e452386fd5d69c654b0a827bc5c8ea9.exe	28
PID 1716 wrote to memory of 2420	1716	1e452386fd5d69c654b0a827bc5c8ea9.exe	28
PID 280 wrote to memory of 2752	280	Unicorn-13272.exe	31
PID 280 wrote to memory of 2752	280	Unicorn-13272.exe	31
PID 280 wrote to memory of 2752	280	Unicorn-13272.exe	31
PID 280 wrote to memory of 2752	280	Unicorn-13272.exe	31
PID 280 wrote to memory of 2876	280	Unicorn-13272.exe	30
PID 280 wrote to memory of 2876	280	Unicorn-13272.exe	30
PID 280 wrote to memory of 2876	280	Unicorn-13272.exe	30
PID 280 wrote to memory of 2876	280	Unicorn-13272.exe	30
PID 2752 wrote to memory of 2652	2752	Unicorn-40595.exe	33
PID 2752 wrote to memory of 2652	2752	Unicorn-40595.exe	33
PID 2752 wrote to memory of 2652	2752	Unicorn-40595.exe	33
PID 2752 wrote to memory of 2652	2752	Unicorn-40595.exe	33
PID 2752 wrote to memory of 2616	2752	Unicorn-40595.exe	32
PID 2752 wrote to memory of 2616	2752	Unicorn-40595.exe	32
PID 2752 wrote to memory of 2616	2752	Unicorn-40595.exe	32
PID 2752 wrote to memory of 2616	2752	Unicorn-40595.exe	32
PID 2652 wrote to memory of 2480	2652	Unicorn-15099.exe	35
PID 2652 wrote to memory of 2480	2652	Unicorn-15099.exe	35
PID 2652 wrote to memory of 2480	2652	Unicorn-15099.exe	35
PID 2652 wrote to memory of 2480	2652	Unicorn-15099.exe	35
PID 2652 wrote to memory of 2816	2652	Unicorn-15099.exe	34
PID 2652 wrote to memory of 2816	2652	Unicorn-15099.exe	34
PID 2652 wrote to memory of 2816	2652	Unicorn-15099.exe	34
PID 2652 wrote to memory of 2816	2652	Unicorn-15099.exe	34
PID 2480 wrote to memory of 2304	2480	Unicorn-13677.exe	37
PID 2480 wrote to memory of 2304	2480	Unicorn-13677.exe	37
PID 2480 wrote to memory of 2304	2480	Unicorn-13677.exe	37
PID 2480 wrote to memory of 2304	2480	Unicorn-13677.exe	37
PID 2480 wrote to memory of 2952	2480	Unicorn-13677.exe	36
PID 2480 wrote to memory of 2952	2480	Unicorn-13677.exe	36
PID 2480 wrote to memory of 2952	2480	Unicorn-13677.exe	36
PID 2480 wrote to memory of 2952	2480	Unicorn-13677.exe	36
PID 2304 wrote to memory of 2256	2304	Unicorn-39931.exe	39
PID 2304 wrote to memory of 2256	2304	Unicorn-39931.exe	39
PID 2304 wrote to memory of 2256	2304	Unicorn-39931.exe	39
PID 2304 wrote to memory of 2256	2304	Unicorn-39931.exe	39
PID 2304 wrote to memory of 2832	2304	Unicorn-39931.exe	38
PID 2304 wrote to memory of 2832	2304	Unicorn-39931.exe	38
PID 2304 wrote to memory of 2832	2304	Unicorn-39931.exe	38
PID 2304 wrote to memory of 2832	2304	Unicorn-39931.exe	38
PID 2256 wrote to memory of 552	2256	Unicorn-9884.exe	41
PID 2256 wrote to memory of 552	2256	Unicorn-9884.exe	41
PID 2256 wrote to memory of 552	2256	Unicorn-9884.exe	41
PID 2256 wrote to memory of 552	2256	Unicorn-9884.exe	41
PID 2256 wrote to memory of 1492	2256	Unicorn-9884.exe	40
PID 2256 wrote to memory of 1492	2256	Unicorn-9884.exe	40
PID 2256 wrote to memory of 1492	2256	Unicorn-9884.exe	40
PID 2256 wrote to memory of 1492	2256	Unicorn-9884.exe	40
PID 552 wrote to memory of 1252	552	Unicorn-23790.exe	44
PID 552 wrote to memory of 1252	552	Unicorn-23790.exe	44
PID 552 wrote to memory of 1252	552	Unicorn-23790.exe	44
PID 552 wrote to memory of 1252	552	Unicorn-23790.exe	44
PID 552 wrote to memory of 2112	552	Unicorn-23790.exe	45
PID 552 wrote to memory of 2112	552	Unicorn-23790.exe	45
PID 552 wrote to memory of 2112	552	Unicorn-23790.exe	45
PID 552 wrote to memory of 2112	552	Unicorn-23790.exe	45

C:\Users\Admin\AppData\Local\Temp\1e452386fd5d69c654b0a827bc5c8ea9.exe
"C:\Users\Admin\AppData\Local\Temp\1e452386fd5d69c654b0a827bc5c8ea9.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1716
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 236
  2⤵
  - Program crash
  PID:2420
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13272.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13272.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:280
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 280 -s 236
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40595.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40595.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2752
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15099.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2652
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 236
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13677.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2480
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 236
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39931.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 236
        7⤵
        Loads dropped DLL
        Program crash
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9884.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 236
        8⤵
        Loads dropped DLL
        Program crash
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23790.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62331.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57557.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30526.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56779.exe
        12⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9021.exe
        13⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13707.exe
        14⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1458.exe
        15⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53285.exe
        16⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
        17⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57696.exe
        18⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41381.exe
        19⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3166.exe
        20⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60587.exe
        21⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9518.exe
        22⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45393.exe
        23⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10372.exe
        24⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33647.exe
        25⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34737.exe
        26⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65074.exe
        27⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43196.exe
        28⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16201.exe
        29⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62874.exe
        30⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57332.exe
        31⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12485.exe
        32⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46907.exe
        33⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7659.exe
        34⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1144.exe
        35⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44912.exe
        36⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32271.exe
        37⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3760.exe
        38⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60776.exe
        39⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22562.exe
        40⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9920.exe
        41⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29075.exe
        42⤵
        
        PID:1832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 236
        42⤵
        Program crash
        
        PID:2992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 236
        41⤵
        Program crash
        
        PID:380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
        40⤵
        Program crash
        
        PID:2868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 236
        39⤵
        Program crash
        
        PID:2136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 236
        38⤵
        Program crash
        
        PID:1824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 236
        37⤵
        Program crash
        
        PID:2332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 236
        36⤵
        Program crash
        
        PID:340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 236
        35⤵
        Program crash
        
        PID:2080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 236
        34⤵
        Program crash
        
        PID:2176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 236
        33⤵
        Program crash
        
        PID:1920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 236
        32⤵
        Program crash
        
        PID:2720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 236
        31⤵
        Program crash
        
        PID:2220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
        30⤵
        Program crash
        
        PID:476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 236
        29⤵
        Program crash
        
        PID:2300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 236
        28⤵
        Program crash
        
        PID:2472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 236
        27⤵
        Program crash
        
        PID:2392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 236
        26⤵
        Program crash
        
        PID:2460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 236
        25⤵
        Program crash
        
        PID:2084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 236
        24⤵
        Program crash
        
        PID:1176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 236
        23⤵
        Program crash
        
        PID:1224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
        22⤵
        Program crash
        
        PID:1216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
        21⤵
        Program crash
        
        PID:2264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 236
        20⤵
        Program crash
        
        PID:2308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 236
        19⤵
        Program crash
        
        PID:2600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 236
        18⤵
        Program crash
        
        PID:1976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 236
        17⤵
        Program crash
        
        PID:2524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 236
        16⤵
        Program crash
        
        PID:240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 236
        15⤵
        Program crash
        
        PID:2044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 236
        14⤵
        Program crash
        
        PID:700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 236
        13⤵
        Program crash
        
        PID:112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
        12⤵
        Program crash
        
        PID:776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 236
        11⤵
        Program crash
        
        PID:640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 236
        10⤵
        Program crash
        
        PID:2076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 236
        9⤵
        Loads dropped DLL
        Program crash
        
        PID:2112

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads