1fb778d938794ea0ad5ea0519f92e3760f896a5512f7b813a6db87f906475e19

Analysis

max time kernel
148s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 21:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1c88304aec53d80790b734f83da78fbe.exe
Size

184KB
MD5

1c88304aec53d80790b734f83da78fbe
SHA1

5aab9d91a3bf68e1121395436f5b67e3e82e872d
SHA256

1fb778d938794ea0ad5ea0519f92e3760f896a5512f7b813a6db87f906475e19
SHA512

209f5f973734d491f519c6de47c159547e59d39aae6787902e1ef1d25195045817a5b880cf46eb35e719e5c6f12c1fa6cfd14b82048a15339c20bf1f5ade30fd
SSDEEP

3072:S2Otozv4fYA0MOjCdT3WA8FbYtI6ODfIfYExg9jSQNlPFpF2:S2Ao450MtdLWA8LQwxNlPFpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 47 IoCs

pid	Process
1684	Unicorn-50702.exe
2384	Unicorn-5772.exe
2576	Unicorn-24387.exe
2572	Unicorn-50614.exe
484	Unicorn-57708.exe
2172	Unicorn-36515.exe
2180	Unicorn-59670.exe
1100	Unicorn-20916.exe
2112	Unicorn-490.exe
2140	Unicorn-39777.exe
1732	Unicorn-16804.exe
396	Unicorn-55994.exe
2348	Unicorn-39689.exe
876	Unicorn-14411.exe
2468	Unicorn-52834.exe
1672	Unicorn-31833.exe
1852	Unicorn-10374.exe
1904	Unicorn-9601.exe
2744	Unicorn-31745.exe
2676	Unicorn-29999.exe
1984	Unicorn-29418.exe
1332	Unicorn-48800.exe
1804	Unicorn-59511.exe
1688	Unicorn-33357.exe
796	Unicorn-8847.exe
980	Unicorn-43990.exe
2340	Unicorn-49605.exe
928	Unicorn-32688.exe
2780	Unicorn-55542.exe
2956	Unicorn-58648.exe
1964	Unicorn-32338.exe
2720	Unicorn-49271.exe
2612	Unicorn-59873.exe
1740	Unicorn-16890.exe
2028	Unicorn-39780.exe
2024	Unicorn-51617.exe
1724	Unicorn-65234.exe
2968	Unicorn-2707.exe
2684	Unicorn-28769.exe
1480	Unicorn-1690.exe
1396	Unicorn-7811.exe
2580	Unicorn-26582.exe
800	Unicorn-38419.exe
2856	Unicorn-35508.exe
2696	Unicorn-1797.exe
2324	Unicorn-11330.exe
2020	Unicorn-29333.exe

Loads dropped DLL 64 IoCs

pid	Process
2004	1c88304aec53d80790b734f83da78fbe.exe
2004	1c88304aec53d80790b734f83da78fbe.exe
1684	Unicorn-50702.exe
1684	Unicorn-50702.exe
2928	WerFault.exe
2928	WerFault.exe
2928	WerFault.exe
2928	WerFault.exe
2928	WerFault.exe
2928	WerFault.exe
2928	WerFault.exe
2384	Unicorn-5772.exe
2384	Unicorn-5772.exe
2704	WerFault.exe
2704	WerFault.exe
2704	WerFault.exe
2704	WerFault.exe
2704	WerFault.exe
2704	WerFault.exe
2704	WerFault.exe
2576	Unicorn-24387.exe
2576	Unicorn-24387.exe
2988	WerFault.exe
2988	WerFault.exe
2988	WerFault.exe
2988	WerFault.exe
2988	WerFault.exe
2988	WerFault.exe
2988	WerFault.exe
2572	Unicorn-50614.exe
2572	Unicorn-50614.exe
2832	WerFault.exe
2832	WerFault.exe
2832	WerFault.exe
2832	WerFault.exe
2832	WerFault.exe
2832	WerFault.exe
2832	WerFault.exe
484	Unicorn-57708.exe
484	Unicorn-57708.exe
1884	WerFault.exe
1884	WerFault.exe
1884	WerFault.exe
1884	WerFault.exe
1884	WerFault.exe
1884	WerFault.exe
1884	WerFault.exe
2172	Unicorn-36515.exe
2172	Unicorn-36515.exe
472	WerFault.exe
472	WerFault.exe
472	WerFault.exe
472	WerFault.exe
472	WerFault.exe
472	WerFault.exe
472	WerFault.exe
2180	Unicorn-59670.exe
2180	Unicorn-59670.exe
1368	WerFault.exe
1368	WerFault.exe
1368	WerFault.exe
1368	WerFault.exe
1368	WerFault.exe
1368	WerFault.exe

Program crash 47 IoCs

pid	pid_target	Process	procid_target
1744	2004	WerFault.exe	27
2928	1684	WerFault.exe	28
2704	2384	WerFault.exe	30
2988	2576	WerFault.exe	32
2832	2572	WerFault.exe	34
1884	484	WerFault.exe	36
472	2172	WerFault.exe	38
1368	2180	WerFault.exe	40
836	1100	WerFault.exe	42
2848	2112	WerFault.exe	44
2268	2140	WerFault.exe	46
1676	1732	WerFault.exe	48
3040	396	WerFault.exe	51
1060	2348	WerFault.exe	54
2136	876	WerFault.exe	56
1596	2468	WerFault.exe	58
2016	1672	WerFault.exe	60
2236	1852	WerFault.exe	62
2548	1904	WerFault.exe	64
2712	2744	WerFault.exe	66
2520	2676	WerFault.exe	68
1348	1984	WerFault.exe	70
1608	1332	WerFault.exe	72
2164	1804	WerFault.exe	74
1484	1688	WerFault.exe	76
2036	796	WerFault.exe	78
1760	980	WerFault.exe	80
828	2340	WerFault.exe	82
2480	928	WerFault.exe	84
1972	2780	WerFault.exe	86
2644	2956	WerFault.exe	88
2552	1964	WerFault.exe	90
3024	2720	WerFault.exe	92
1556	2612	WerFault.exe	94
2512	1740	WerFault.exe	96
1664	2028	WerFault.exe	98
1692	2024	WerFault.exe	100
3056	1724	WerFault.exe	102
2588	2968	WerFault.exe	104
920	2684	WerFault.exe	106
1640	1480	WerFault.exe	108
2124	1396	WerFault.exe	110
2088	2580	WerFault.exe	112
3032	800	WerFault.exe	114
1916	2856	WerFault.exe	116
2560	2696	WerFault.exe	118
2772	2324	WerFault.exe	120

Suspicious use of SetWindowsHookEx 48 IoCs

pid	Process
2004	1c88304aec53d80790b734f83da78fbe.exe
1684	Unicorn-50702.exe
2384	Unicorn-5772.exe
2576	Unicorn-24387.exe
2572	Unicorn-50614.exe
484	Unicorn-57708.exe
2172	Unicorn-36515.exe
2180	Unicorn-59670.exe
1100	Unicorn-20916.exe
2112	Unicorn-490.exe
2140	Unicorn-39777.exe
1732	Unicorn-16804.exe
396	Unicorn-55994.exe
2348	Unicorn-39689.exe
876	Unicorn-14411.exe
2468	Unicorn-52834.exe
1672	Unicorn-31833.exe
1852	Unicorn-10374.exe
1904	Unicorn-9601.exe
2744	Unicorn-31745.exe
2676	Unicorn-29999.exe
1984	Unicorn-29418.exe
1332	Unicorn-48800.exe
1804	Unicorn-59511.exe
1688	Unicorn-33357.exe
796	Unicorn-8847.exe
980	Unicorn-43990.exe
2340	Unicorn-49605.exe
928	Unicorn-32688.exe
2780	Unicorn-55542.exe
2956	Unicorn-58648.exe
1964	Unicorn-32338.exe
2720	Unicorn-49271.exe
2612	Unicorn-59873.exe
1740	Unicorn-16890.exe
2028	Unicorn-39780.exe
2024	Unicorn-51617.exe
1724	Unicorn-65234.exe
2968	Unicorn-2707.exe
2684	Unicorn-28769.exe
1480	Unicorn-1690.exe
1396	Unicorn-7811.exe
2580	Unicorn-26582.exe
800	Unicorn-38419.exe
2856	Unicorn-35508.exe
2696	Unicorn-1797.exe
2324	Unicorn-11330.exe
2020	Unicorn-29333.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 1684	2004	1c88304aec53d80790b734f83da78fbe.exe	28
PID 2004 wrote to memory of 1684	2004	1c88304aec53d80790b734f83da78fbe.exe	28
PID 2004 wrote to memory of 1684	2004	1c88304aec53d80790b734f83da78fbe.exe	28
PID 2004 wrote to memory of 1684	2004	1c88304aec53d80790b734f83da78fbe.exe	28
PID 2004 wrote to memory of 1744	2004	1c88304aec53d80790b734f83da78fbe.exe	29
PID 2004 wrote to memory of 1744	2004	1c88304aec53d80790b734f83da78fbe.exe	29
PID 2004 wrote to memory of 1744	2004	1c88304aec53d80790b734f83da78fbe.exe	29
PID 2004 wrote to memory of 1744	2004	1c88304aec53d80790b734f83da78fbe.exe	29
PID 1684 wrote to memory of 2384	1684	Unicorn-50702.exe	30
PID 1684 wrote to memory of 2384	1684	Unicorn-50702.exe	30
PID 1684 wrote to memory of 2384	1684	Unicorn-50702.exe	30
PID 1684 wrote to memory of 2384	1684	Unicorn-50702.exe	30
PID 1684 wrote to memory of 2928	1684	Unicorn-50702.exe	31
PID 1684 wrote to memory of 2928	1684	Unicorn-50702.exe	31
PID 1684 wrote to memory of 2928	1684	Unicorn-50702.exe	31
PID 1684 wrote to memory of 2928	1684	Unicorn-50702.exe	31
PID 2384 wrote to memory of 2576	2384	Unicorn-5772.exe	32
PID 2384 wrote to memory of 2576	2384	Unicorn-5772.exe	32
PID 2384 wrote to memory of 2576	2384	Unicorn-5772.exe	32
PID 2384 wrote to memory of 2576	2384	Unicorn-5772.exe	32
PID 2384 wrote to memory of 2704	2384	Unicorn-5772.exe	33
PID 2384 wrote to memory of 2704	2384	Unicorn-5772.exe	33
PID 2384 wrote to memory of 2704	2384	Unicorn-5772.exe	33
PID 2384 wrote to memory of 2704	2384	Unicorn-5772.exe	33
PID 2576 wrote to memory of 2572	2576	Unicorn-24387.exe	34
PID 2576 wrote to memory of 2572	2576	Unicorn-24387.exe	34
PID 2576 wrote to memory of 2572	2576	Unicorn-24387.exe	34
PID 2576 wrote to memory of 2572	2576	Unicorn-24387.exe	34
PID 2576 wrote to memory of 2988	2576	Unicorn-24387.exe	35
PID 2576 wrote to memory of 2988	2576	Unicorn-24387.exe	35
PID 2576 wrote to memory of 2988	2576	Unicorn-24387.exe	35
PID 2576 wrote to memory of 2988	2576	Unicorn-24387.exe	35
PID 2572 wrote to memory of 484	2572	Unicorn-50614.exe	36
PID 2572 wrote to memory of 484	2572	Unicorn-50614.exe	36
PID 2572 wrote to memory of 484	2572	Unicorn-50614.exe	36
PID 2572 wrote to memory of 484	2572	Unicorn-50614.exe	36
PID 2572 wrote to memory of 2832	2572	Unicorn-50614.exe	37
PID 2572 wrote to memory of 2832	2572	Unicorn-50614.exe	37
PID 2572 wrote to memory of 2832	2572	Unicorn-50614.exe	37
PID 2572 wrote to memory of 2832	2572	Unicorn-50614.exe	37
PID 484 wrote to memory of 2172	484	Unicorn-57708.exe	38
PID 484 wrote to memory of 2172	484	Unicorn-57708.exe	38
PID 484 wrote to memory of 2172	484	Unicorn-57708.exe	38
PID 484 wrote to memory of 2172	484	Unicorn-57708.exe	38
PID 484 wrote to memory of 1884	484	Unicorn-57708.exe	39
PID 484 wrote to memory of 1884	484	Unicorn-57708.exe	39
PID 484 wrote to memory of 1884	484	Unicorn-57708.exe	39
PID 484 wrote to memory of 1884	484	Unicorn-57708.exe	39
PID 2172 wrote to memory of 2180	2172	Unicorn-36515.exe	40
PID 2172 wrote to memory of 2180	2172	Unicorn-36515.exe	40
PID 2172 wrote to memory of 2180	2172	Unicorn-36515.exe	40
PID 2172 wrote to memory of 2180	2172	Unicorn-36515.exe	40
PID 2172 wrote to memory of 472	2172	Unicorn-36515.exe	41
PID 2172 wrote to memory of 472	2172	Unicorn-36515.exe	41
PID 2172 wrote to memory of 472	2172	Unicorn-36515.exe	41
PID 2172 wrote to memory of 472	2172	Unicorn-36515.exe	41
PID 2180 wrote to memory of 1100	2180	Unicorn-59670.exe	42
PID 2180 wrote to memory of 1100	2180	Unicorn-59670.exe	42
PID 2180 wrote to memory of 1100	2180	Unicorn-59670.exe	42
PID 2180 wrote to memory of 1100	2180	Unicorn-59670.exe	42
PID 2180 wrote to memory of 1368	2180	Unicorn-59670.exe	43
PID 2180 wrote to memory of 1368	2180	Unicorn-59670.exe	43
PID 2180 wrote to memory of 1368	2180	Unicorn-59670.exe	43
PID 2180 wrote to memory of 1368	2180	Unicorn-59670.exe	43

C:\Users\Admin\AppData\Local\Temp\1c88304aec53d80790b734f83da78fbe.exe
"C:\Users\Admin\AppData\Local\Temp\1c88304aec53d80790b734f83da78fbe.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50702.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50702.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5772.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5772.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24387.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50614.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57708.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36515.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59670.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20916.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-490.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39777.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16804.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55994.exe
        13⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39689.exe
        14⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14411.exe
        15⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52834.exe
        16⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31833.exe
        17⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10374.exe
        18⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9601.exe
        19⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31745.exe
        20⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29999.exe
        21⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29418.exe
        22⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48800.exe
        23⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59511.exe
        24⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33357.exe
        25⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8847.exe
        26⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        27⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49605.exe
        28⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32688.exe
        29⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55542.exe
        30⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58648.exe
        31⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32338.exe
        32⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49271.exe
        33⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59873.exe
        34⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16890.exe
        35⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39780.exe
        36⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51617.exe
        37⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65234.exe
        38⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2707.exe
        39⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28769.exe
        40⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1690.exe
        41⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7811.exe
        42⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26582.exe
        43⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38419.exe
        44⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35508.exe
        45⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1797.exe
        46⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11330.exe
        47⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29333.exe
        48⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 236
        48⤵
        Program crash
        
        PID:2772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 236
        47⤵
        Program crash
        
        PID:2560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 236
        46⤵
        Program crash
        
        PID:1916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 236
        45⤵
        Program crash
        
        PID:3032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 236
        44⤵
        Program crash
        
        PID:2088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 236
        43⤵
        Program crash
        
        PID:2124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 236
        42⤵
        Program crash
        
        PID:1640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 236
        41⤵
        Program crash
        
        PID:920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 236
        40⤵
        Program crash
        
        PID:2588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 236
        39⤵
        Program crash
        
        PID:3056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 236
        38⤵
        Program crash
        
        PID:1692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 236
        37⤵
        Program crash
        
        PID:1664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 236
        36⤵
        Program crash
        
        PID:2512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 236
        35⤵
        Program crash
        
        PID:1556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 236
        34⤵
        Program crash
        
        PID:3024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 236
        33⤵
        Program crash
        
        PID:2552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 236
        32⤵
        Program crash
        
        PID:2644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 236
        31⤵
        Program crash
        
        PID:1972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 236
        30⤵
        Program crash
        
        PID:2480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 236
        29⤵
        Program crash
        
        PID:828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 236
        28⤵
        Program crash
        
        PID:1760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 236
        27⤵
        Program crash
        
        PID:2036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 236
        26⤵
        Program crash
        
        PID:1484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 236
        25⤵
        Program crash
        
        PID:2164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 236
        24⤵
        Program crash
        
        PID:1608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 236
        23⤵
        Program crash
        
        PID:1348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 236
        22⤵
        Program crash
        
        PID:2520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 236
        21⤵
        Program crash
        
        PID:2712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 236
        20⤵
        Program crash
        
        PID:2548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 236
        19⤵
        Program crash
        
        PID:2236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 236
        18⤵
        Program crash
        
        PID:2016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
        17⤵
        Program crash
        
        PID:1596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 236
        16⤵
        Program crash
        
        PID:2136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 236
        15⤵
        Program crash
        
        PID:1060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 396 -s 236
        14⤵
        Program crash
        
        PID:3040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 236
        13⤵
        Program crash
        
        PID:1676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 236
        12⤵
        Program crash
        
        PID:2268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 236
        11⤵
        Program crash
        
        PID:2848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 236
        10⤵
        Program crash
        
        PID:836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 236
        9⤵
        Loads dropped DLL
        Program crash
        
        PID:1368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 236
        8⤵
        Loads dropped DLL
        Program crash
        
        PID:472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 236
        7⤵
        Loads dropped DLL
        Program crash
        
        PID:1884
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:2832
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2988
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:2704
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 236
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2928
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 236
  2⤵
  - Program crash
  PID:1744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-36515.exe

Filesize
184KB

MD5
f8507f520e25e6b591ddd000d8a08b44

SHA1
0fa045590d05e35e453b2114767c75ec3a2aa765

SHA256
66b36abff089737ceedc43a8d06284fdaaaca25ffa2f0d42a6ec815b93b74e01

SHA512
e17b244b5a614f8584de8e4e93b795072f61707cb175619db6a657927323ceb333962249ab1fd85e9887227d5a9081a65c90c4d897ae3840736f9a6e08ce1185

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24387.exe

Filesize
184KB

MD5
839bc31fba10bc37e50ab6a1cf3d3f86

SHA1
c800c7521110610c8cc305d828a64ffa0d82bb82

SHA256
61f76b8d6cab0bf866e258cfa22ced4ad79da4457811af6921c9e2bd56842735

SHA512
eb96af0c4813b46baebe0f5e9b68168a69f26fffa6ddeb2591a47f1a52281e2cbe13a36686cdb3b48b6b33c67629615dff1e108073e4c5073f22e83ca9e76fcb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50614.exe

Filesize
184KB

MD5
450452485d86f8e4c17528b49c890d85

SHA1
3e0bfd3bc1e404d12cf78b12b15e9b0a2c021260

SHA256
dfe47e6283fac427b834369b97e0b53824652d988f872e1e535315d8df28b5ab

SHA512
a2b5737037eee474059d3be84d652ba9b7ca938089bd741fc3d5d35560ce0c43e4e0c45e537d435ffed90d0b0ff26bb367c5e82bb48d8812f8797d490908f242

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50702.exe

Filesize
184KB

MD5
3ca4ec94ef9d5a889c7e9d29ed252c0c

SHA1
eef4fefbfabd9cb2756807c765cd6d1fb6226d97

SHA256
6d31366c4c83ac57aa691e14706125a3e9920477d318768888a9524cfbc753e0

SHA512
20594eebdd361aa78b7492f003c88a94fc4fcecc9ad07cfea495c988a1903022284c1eba61dc47b25d5072bd8a3b7d3bca9351a87a622298e3aaa6e785a678ba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57708.exe

Filesize
184KB

MD5
3e6d020ce65a1132064dc698d795e4fb

SHA1
748186356ba4e9659f23fa0df92c6d67dc56dd75

SHA256
2ca7a36dbe50372382dacfc1d3e87f2d092acee15f06cd5284636038537edee7

SHA512
8ec86420cb8aa342d7213198a2f17a89b43da80efec4fda0d30e51e31f6f2fa65262c2c6ca69bb8b7c6f5a70ec67c57f429bc9adfe510bab702d3b0bd5de4e74

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5772.exe

Filesize
184KB

MD5
68e500f9ec366bf5ae43bc2dc7d6e321

SHA1
a6fef1edfdd9b27c332ee5e4c127f2d54977de3d

SHA256
eb07e4494d5f6bd29c81db413bf3abd143ea02cb0967f2a28a2065305e70d4ca

SHA512
972cc60865d4fb41318c81c036d5dfc162028d907912e12fc0765f10e4a9573af29ecf7ce0940c86620382d06c69b5096c842bb204f4c2ca4276867ba1e2177f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59670.exe

Filesize
184KB

MD5
e93f0bb113f63fdfc46f9da150a73650

SHA1
a1e6c899175d49dbd9b4862e7c03892beac4b45d

SHA256
a817ec1815959b503e5ec0bd03a1f9d7f6041d3ed615d69356e35daf1e0275a3

SHA512
c57d688f009053c916edf8f75cbaf5f516269da9bd3a01a063927518d50d55e890a43c4f9694d24501a213789ae7ef75369880e2d6637d60572035dd6d141ed0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads