7d9ee21a9583c88d351734bd70a2a7d2c0f04705de6c86b747beb2720dc5979d

Analysis

max time kernel
149s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 19:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ae16d09a29f8349e9fffd4acd75b92e.exe
Size

184KB
MD5

3ae16d09a29f8349e9fffd4acd75b92e
SHA1

a4f2715777bfc8d35ca6cdf25be2c07ffcab2721
SHA256

7d9ee21a9583c88d351734bd70a2a7d2c0f04705de6c86b747beb2720dc5979d
SHA512

29af86a922f352dd43ad7691a38dbace9c499b403434b01f682e38b0d262772f5bff284a8302c64334ecdb550ff97e37f85e940a170b204d64542bf53a94ddfa
SSDEEP

3072:qv6oomLyxnwQoOjYo3QFRJcLGzZMRoMx6SxvfEUANlHTpFJ:qvNoHwQoTogFRJSVRCNlHTpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 12 IoCs

pid	Process
2196	Unicorn-51475.exe
2620	Unicorn-42321.exe
1736	Unicorn-30152.exe
2500	Unicorn-54895.exe
1684	Unicorn-29405.exe
2468	Unicorn-2653.exe
960	Unicorn-8958.exe
2968	Unicorn-14194.exe
2272	Unicorn-40884.exe
324	Unicorn-15393.exe
2900	Unicorn-21699.exe
1668	Unicorn-60868.exe

Loads dropped DLL 64 IoCs

pid	Process
1256	3ae16d09a29f8349e9fffd4acd75b92e.exe
1256	3ae16d09a29f8349e9fffd4acd75b92e.exe
2196	Unicorn-51475.exe
2196	Unicorn-51475.exe
2764	WerFault.exe
2764	WerFault.exe
2764	WerFault.exe
2764	WerFault.exe
2764	WerFault.exe
2764	WerFault.exe
2764	WerFault.exe
2620	Unicorn-42321.exe
2620	Unicorn-42321.exe
2520	WerFault.exe
2520	WerFault.exe
2520	WerFault.exe
2520	WerFault.exe
2520	WerFault.exe
2520	WerFault.exe
2520	WerFault.exe
1736	Unicorn-30152.exe
1736	Unicorn-30152.exe
2956	WerFault.exe
2956	WerFault.exe
2956	WerFault.exe
2956	WerFault.exe
2956	WerFault.exe
2956	WerFault.exe
2956	WerFault.exe
2500	Unicorn-54895.exe
2500	Unicorn-54895.exe
1084	WerFault.exe
1084	WerFault.exe
1084	WerFault.exe
1084	WerFault.exe
1084	WerFault.exe
1084	WerFault.exe
1084	WerFault.exe
1684	Unicorn-29405.exe
1684	Unicorn-29405.exe
964	WerFault.exe
964	WerFault.exe
964	WerFault.exe
964	WerFault.exe
964	WerFault.exe
964	WerFault.exe
964	WerFault.exe
2468	Unicorn-2653.exe
2468	Unicorn-2653.exe
1524	WerFault.exe
1524	WerFault.exe
1524	WerFault.exe
1524	WerFault.exe
1524	WerFault.exe
1524	WerFault.exe
1524	WerFault.exe
960	Unicorn-8958.exe
960	Unicorn-8958.exe
2948	WerFault.exe
2948	WerFault.exe
2948	WerFault.exe
2948	WerFault.exe
2948	WerFault.exe
2948	WerFault.exe

Program crash 48 IoCs

pid	pid_target	Process	procid_target
2776	1256	WerFault.exe	9
2764	2196	WerFault.exe	29
2520	2620	WerFault.exe	31
2956	1736	WerFault.exe	33
1084	2500	WerFault.exe	35
964	1684	WerFault.exe	37
1524	2468	WerFault.exe	39
2948	960	WerFault.exe	41
1992	2968	WerFault.exe	43
496	2272	WerFault.exe	44
1904	324	WerFault.exe	47
448	2900	WerFault.exe	48
1168	1668	WerFault.exe	50
1792	1760	WerFault.exe	52
2292	1124	WerFault.exe	54
2888	108	WerFault.exe	56
2344	2412	WerFault.exe	58
2872	1604	WerFault.exe	62
2848	2056	WerFault.exe	64
2228	2612	WerFault.exe	66
2516	2476	WerFault.exe	68
1572	1592	WerFault.exe	70
2784	1968	WerFault.exe	72
2020	2792	WerFault.exe	74
1104	2148	WerFault.exe	76
1100	600	WerFault.exe	78
2096	2104	WerFault.exe	80
1128	1096	WerFault.exe	82
1768	912	WerFault.exe	84
2560	916	WerFault.exe	86
2712	1616	WerFault.exe	88
2756	2736	WerFault.exe	90
2720	2544	WerFault.exe	92
2772	2656	WerFault.exe	94
2744	1396	WerFault.exe	96
3068	1348	WerFault.exe	98
1624	1580	WerFault.exe	100
2588	1120	WerFault.exe	102
2596	1700	WerFault.exe	104
2936	2556	WerFault.exe	106
1976	1956	WerFault.exe	108
1428	588	WerFault.exe	110
276	1548	WerFault.exe	112
1112	1704	WerFault.exe	114
1232	904	WerFault.exe	116
1832	2168	WerFault.exe	118
1064	780	WerFault.exe	120
2960	2988	WerFault.exe	122

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
1256	3ae16d09a29f8349e9fffd4acd75b92e.exe
2196	Unicorn-51475.exe
2620	Unicorn-42321.exe
1736	Unicorn-30152.exe
2500	Unicorn-54895.exe
1684	Unicorn-29405.exe
2468	Unicorn-2653.exe
960	Unicorn-8958.exe
2968	Unicorn-14194.exe
2272	Unicorn-40884.exe
324	Unicorn-15393.exe
2900	Unicorn-21699.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1256 wrote to memory of 2196	1256	3ae16d09a29f8349e9fffd4acd75b92e.exe	29
PID 1256 wrote to memory of 2196	1256	3ae16d09a29f8349e9fffd4acd75b92e.exe	29
PID 1256 wrote to memory of 2196	1256	3ae16d09a29f8349e9fffd4acd75b92e.exe	29
PID 1256 wrote to memory of 2196	1256	3ae16d09a29f8349e9fffd4acd75b92e.exe	29
PID 1256 wrote to memory of 2776	1256	3ae16d09a29f8349e9fffd4acd75b92e.exe	28
PID 1256 wrote to memory of 2776	1256	3ae16d09a29f8349e9fffd4acd75b92e.exe	28
PID 1256 wrote to memory of 2776	1256	3ae16d09a29f8349e9fffd4acd75b92e.exe	28
PID 1256 wrote to memory of 2776	1256	3ae16d09a29f8349e9fffd4acd75b92e.exe	28
PID 2196 wrote to memory of 2620	2196	Unicorn-51475.exe	31
PID 2196 wrote to memory of 2620	2196	Unicorn-51475.exe	31
PID 2196 wrote to memory of 2620	2196	Unicorn-51475.exe	31
PID 2196 wrote to memory of 2620	2196	Unicorn-51475.exe	31
PID 2196 wrote to memory of 2764	2196	Unicorn-51475.exe	30
PID 2196 wrote to memory of 2764	2196	Unicorn-51475.exe	30
PID 2196 wrote to memory of 2764	2196	Unicorn-51475.exe	30
PID 2196 wrote to memory of 2764	2196	Unicorn-51475.exe	30
PID 2620 wrote to memory of 1736	2620	Unicorn-42321.exe	33
PID 2620 wrote to memory of 1736	2620	Unicorn-42321.exe	33
PID 2620 wrote to memory of 1736	2620	Unicorn-42321.exe	33
PID 2620 wrote to memory of 1736	2620	Unicorn-42321.exe	33
PID 2620 wrote to memory of 2520	2620	Unicorn-42321.exe	32
PID 2620 wrote to memory of 2520	2620	Unicorn-42321.exe	32
PID 2620 wrote to memory of 2520	2620	Unicorn-42321.exe	32
PID 2620 wrote to memory of 2520	2620	Unicorn-42321.exe	32
PID 1736 wrote to memory of 2500	1736	Unicorn-30152.exe	35
PID 1736 wrote to memory of 2500	1736	Unicorn-30152.exe	35
PID 1736 wrote to memory of 2500	1736	Unicorn-30152.exe	35
PID 1736 wrote to memory of 2500	1736	Unicorn-30152.exe	35
PID 1736 wrote to memory of 2956	1736	Unicorn-30152.exe	34
PID 1736 wrote to memory of 2956	1736	Unicorn-30152.exe	34
PID 1736 wrote to memory of 2956	1736	Unicorn-30152.exe	34
PID 1736 wrote to memory of 2956	1736	Unicorn-30152.exe	34
PID 2500 wrote to memory of 1684	2500	Unicorn-54895.exe	37
PID 2500 wrote to memory of 1684	2500	Unicorn-54895.exe	37
PID 2500 wrote to memory of 1684	2500	Unicorn-54895.exe	37
PID 2500 wrote to memory of 1684	2500	Unicorn-54895.exe	37
PID 2500 wrote to memory of 1084	2500	Unicorn-54895.exe	36
PID 2500 wrote to memory of 1084	2500	Unicorn-54895.exe	36
PID 2500 wrote to memory of 1084	2500	Unicorn-54895.exe	36
PID 2500 wrote to memory of 1084	2500	Unicorn-54895.exe	36
PID 1684 wrote to memory of 2468	1684	Unicorn-29405.exe	39
PID 1684 wrote to memory of 2468	1684	Unicorn-29405.exe	39
PID 1684 wrote to memory of 2468	1684	Unicorn-29405.exe	39
PID 1684 wrote to memory of 2468	1684	Unicorn-29405.exe	39
PID 1684 wrote to memory of 964	1684	Unicorn-29405.exe	38
PID 1684 wrote to memory of 964	1684	Unicorn-29405.exe	38
PID 1684 wrote to memory of 964	1684	Unicorn-29405.exe	38
PID 1684 wrote to memory of 964	1684	Unicorn-29405.exe	38
PID 2468 wrote to memory of 960	2468	Unicorn-2653.exe	41
PID 2468 wrote to memory of 960	2468	Unicorn-2653.exe	41
PID 2468 wrote to memory of 960	2468	Unicorn-2653.exe	41
PID 2468 wrote to memory of 960	2468	Unicorn-2653.exe	41
PID 2468 wrote to memory of 1524	2468	Unicorn-2653.exe	40
PID 2468 wrote to memory of 1524	2468	Unicorn-2653.exe	40
PID 2468 wrote to memory of 1524	2468	Unicorn-2653.exe	40
PID 2468 wrote to memory of 1524	2468	Unicorn-2653.exe	40
PID 960 wrote to memory of 2968	960	Unicorn-8958.exe	43
PID 960 wrote to memory of 2968	960	Unicorn-8958.exe	43
PID 960 wrote to memory of 2968	960	Unicorn-8958.exe	43
PID 960 wrote to memory of 2968	960	Unicorn-8958.exe	43
PID 960 wrote to memory of 2948	960	Unicorn-8958.exe	42
PID 960 wrote to memory of 2948	960	Unicorn-8958.exe	42
PID 960 wrote to memory of 2948	960	Unicorn-8958.exe	42
PID 960 wrote to memory of 2948	960	Unicorn-8958.exe	42

C:\Users\Admin\AppData\Local\Temp\3ae16d09a29f8349e9fffd4acd75b92e.exe
"C:\Users\Admin\AppData\Local\Temp\3ae16d09a29f8349e9fffd4acd75b92e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1256
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 236
  2⤵
  - Program crash
  PID:2776
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51475.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51475.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2196
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 236
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42321.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42321.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2620
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30152.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1736
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 236
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54895.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2500
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 236
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:1084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29405.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 236
        7⤵
        Loads dropped DLL
        Program crash
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2653.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
        8⤵
        Loads dropped DLL
        Program crash
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8958.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 236
        9⤵
        Loads dropped DLL
        Program crash
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14194.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40884.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 236
        11⤵
        Program crash
        
        PID:496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15393.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21699.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60868.exe
        13⤵
        Executes dropped EXE
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-567.exe
        14⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6872.exe
        15⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
        16⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3987.exe
        17⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57355.exe
        18⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15528.exe
        19⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38170.exe
        20⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65435.exe
        21⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23609.exe
        22⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11439.exe
        23⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50417.exe
        24⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55653.exe
        25⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49670.exe
        26⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54906.exe
        27⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28539.exe
        28⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34844.exe
        29⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9353.exe
        30⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36043.exe
        31⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42348.exe
        32⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2275.exe
        33⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24917.exe
        34⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48627.exe
        35⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22068.exe
        36⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32421.exe
        37⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56131.exe
        38⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29764.exe
        39⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52405.exe
        40⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10578.exe
        41⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39310.exe
        42⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32294.exe
        43⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6310.exe
        44⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63762.exe
        45⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56746.exe
        46⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52709.exe
        47⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59014.exe
        48⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19326.exe
        49⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60441.exe
        50⤵
        
        PID:2208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 236
        49⤵
        Program crash
        
        PID:2960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 236
        48⤵
        Program crash
        
        PID:1064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 236
        47⤵
        Program crash
        
        PID:1832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 236
        46⤵
        Program crash
        
        PID:1232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 236
        45⤵
        Program crash
        
        PID:1112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 236
        44⤵
        Program crash
        
        PID:276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 236
        43⤵
        Program crash
        
        PID:1428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 236
        42⤵
        Program crash
        
        PID:1976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 236
        41⤵
        Program crash
        
        PID:2936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 236
        40⤵
        Program crash
        
        PID:2596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 236
        39⤵
        Program crash
        
        PID:2588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 236
        38⤵
        Program crash
        
        PID:1624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 236
        37⤵
        Program crash
        
        PID:3068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 236
        36⤵
        Program crash
        
        PID:2744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 236
        35⤵
        Program crash
        
        PID:2772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
        34⤵
        Program crash
        
        PID:2720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 236
        33⤵
        Program crash
        
        PID:2756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 236
        32⤵
        Program crash
        
        PID:2712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 236
        31⤵
        Program crash
        
        PID:2560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 236
        30⤵
        Program crash
        
        PID:1768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 236
        29⤵
        Program crash
        
        PID:1128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 236
        28⤵
        Program crash
        
        PID:2096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 600 -s 236
        27⤵
        Program crash
        
        PID:1100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 236
        26⤵
        Program crash
        
        PID:1104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 236
        25⤵
        Program crash
        
        PID:2020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 236
        24⤵
        Program crash
        
        PID:2784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 236
        23⤵
        Program crash
        
        PID:1572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 236
        22⤵
        Program crash
        
        PID:2516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 236
        21⤵
        Program crash
        
        PID:2228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 236
        20⤵
        Program crash
        
        PID:2848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 236
        19⤵
        Program crash
        
        PID:2872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 236
        18⤵
        Program crash
        
        PID:2344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 236
        17⤵
        Program crash
        
        PID:2888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 236
        16⤵
        Program crash
        
        PID:2292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
        15⤵
        Program crash
        
        PID:1792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 236
        14⤵
        Program crash
        
        PID:1168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 236
        13⤵
        Program crash
        
        PID:448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 236
        12⤵
        Program crash
        
        PID:1904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 236
        10⤵
        Program crash
        
        PID:1992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-51475.exe

Filesize
7KB

MD5
ffa000d77ac137b62ee2974115e07f68

SHA1
8c74c009288cbf50beee741f133f93220450d342

SHA256
714e155c2c17626f82822e0f3003fcec264cbadb38afda83d3fd3eb45ef8fce3

SHA512
e49967596d37b339ad9261d4908c0848b9ea42968947e222c102a94ef0fb976fbc1ee96bb198cc1434c747629c21a21220f6b70feb62751f626cfb77fa7c8a19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6310.exe

Filesize
28KB

MD5
8387d86c5f95f5ace32b263ea6f7db0a

SHA1
42d48f1cf84b27582197986b17f6de1746aebcb8

SHA256
ff4fb371de17ee92e88b6604a3351d31c40e3fb0acdc89c0f72a3d547535e3ef

SHA512
f673a7c1d29a989e852d97e028dee9f6012435947c84dc76882db33869e913820d2fb5cde795f4c73deba6a515cc7593cad00a0a1836ee0b90764cf780139467

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42321.exe

Filesize
11KB

MD5
0d3f24a10ef271ef64ccb6a036604cc6

SHA1
e889d149f0005fa5ac6f60bc3a08c5a294769159

SHA256
22efc97c8b094f5a1240dc1efeb261fb1211b4be32d77c90b46d9d3fdb410477

SHA512
dbf34ae66dfb9d9a6a9ab170f18766ad3835f20eaf1cb7b0d32674efac9d75199044926129c1d87c475f55a180a07ec8d6d57c200536902c95449391ab79e887

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads