f683530146fcf4130a0cc9b2b233e6f307f8edc4bd809f2a6dfd99576a3c3e4c

Analysis

max time kernel
24s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
02/01/2024, 16:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e6fdcc080ed18337be68f8da40ef56a.exe
Size

184KB
MD5

3e6fdcc080ed18337be68f8da40ef56a
SHA1

549d6f53da772f0a75a9298d086912d6667de922
SHA256

f683530146fcf4130a0cc9b2b233e6f307f8edc4bd809f2a6dfd99576a3c3e4c
SHA512

44ac70cc8c5d11032bc137b0727f47ff7f30ca5c95a50b9f2608cfd8ecdf4a2431492bbe90b21a5ca7a14bd53d8b570d05ced3e224d3381bff4bf58beda7d0aa
SSDEEP

3072:QAhaomxH02qTVYjgqUYWLjBL9ZR6zw6iaEEx9zPppslPvpFW:QAgoxpTVpq5WLjtpUXslPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 34 IoCs

pid	Process
2940	Unicorn-27354.exe
2736	Unicorn-37681.exe
2912	Unicorn-8770.exe
1804	Unicorn-9450.exe
2704	Unicorn-46954.exe
2624	Unicorn-58651.exe
2948	Unicorn-43130.exe
1652	Unicorn-35708.exe
1896	Unicorn-55574.exe
2568	Unicorn-35922.exe
1944	Unicorn-16056.exe
1424	Unicorn-60893.exe
2472	Unicorn-57255.exe
2772	Unicorn-3607.exe
2376	Unicorn-11775.exe
1188	Unicorn-40556.exe
1812	Unicorn-20690.exe
784	Unicorn-27728.exe
2328	Unicorn-48895.exe
904	Unicorn-8926.exe
1772	Unicorn-41791.exe
1564	Unicorn-26009.exe
2408	Unicorn-374.exe
2252	Unicorn-29709.exe
1192	Unicorn-61827.exe
884	Unicorn-57551.exe
2388	Unicorn-17457.exe
1628	Unicorn-30633.exe
2784	Unicorn-1490.exe
548	Unicorn-17718.exe
2384	Unicorn-61490.exe
2224	Unicorn-63389.exe
2600	Unicorn-29861.exe
2872	Unicorn-22570.exe

Loads dropped DLL 64 IoCs

pid	Process
2004	3e6fdcc080ed18337be68f8da40ef56a.exe
2004	3e6fdcc080ed18337be68f8da40ef56a.exe
2940	Unicorn-27354.exe
2940	Unicorn-27354.exe
2004	3e6fdcc080ed18337be68f8da40ef56a.exe
2004	3e6fdcc080ed18337be68f8da40ef56a.exe
2912	Unicorn-8770.exe
2912	Unicorn-8770.exe
2940	Unicorn-27354.exe
2940	Unicorn-27354.exe
2736	Unicorn-37681.exe
2736	Unicorn-37681.exe
2828	WerFault.exe
2828	WerFault.exe
2828	WerFault.exe
2828	WerFault.exe
2828	WerFault.exe
1804	Unicorn-9450.exe
1804	Unicorn-9450.exe
2912	Unicorn-8770.exe
2912	Unicorn-8770.exe
2704	Unicorn-46954.exe
2704	Unicorn-46954.exe
2624	Unicorn-58651.exe
2624	Unicorn-58651.exe
2736	Unicorn-37681.exe
2736	Unicorn-37681.exe
1500	WerFault.exe
1500	WerFault.exe
1500	WerFault.exe
1500	WerFault.exe
1872	WerFault.exe
1872	WerFault.exe
1872	WerFault.exe
1872	WerFault.exe
1500	WerFault.exe
1872	WerFault.exe
2948	Unicorn-43130.exe
2948	Unicorn-43130.exe
1804	Unicorn-9450.exe
1804	Unicorn-9450.exe
1652	Unicorn-35708.exe
1652	Unicorn-35708.exe
2568	Unicorn-35922.exe
2568	Unicorn-35922.exe
1944	Unicorn-16056.exe
1944	Unicorn-16056.exe
2624	Unicorn-58651.exe
2624	Unicorn-58651.exe
1896	Unicorn-55574.exe
1896	Unicorn-55574.exe
2704	Unicorn-46954.exe
2704	Unicorn-46954.exe
1792	WerFault.exe
1792	WerFault.exe
1792	WerFault.exe
1792	WerFault.exe
1792	WerFault.exe
756	WerFault.exe
756	WerFault.exe
756	WerFault.exe
756	WerFault.exe
756	WerFault.exe
1148	WerFault.exe

Program crash 27 IoCs

pid	pid_target	Process	procid_target
2752	2004	WerFault.exe	27
2828	2940	WerFault.exe	28
1500	2736	WerFault.exe	29
1872	2912	WerFault.exe	30
1792	1804	WerFault.exe	32
756	2704	WerFault.exe	33
1148	2624	WerFault.exe	34
2652	2948	WerFault.exe	36
324	1812	WerFault.exe	48
588	2376	WerFault.exe	46
2928	1944	WerFault.exe	40
596	1188	WerFault.exe	47
532	1652	WerFault.exe	38
888	2568	WerFault.exe	39
872	2772	WerFault.exe	45
1900	1896	WerFault.exe	37
2368	904	WerFault.exe	54
2380	784	WerFault.exe	49
2180	2472	WerFault.exe	44
1940	1564	WerFault.exe	55
2024	1772	WerFault.exe	56
2000	2328	WerFault.exe	50
1888	1424	WerFault.exe	43
668	2784	WerFault.exe	63
924	2648	WerFault.exe	71
2892	2872	WerFault.exe	67
1676	1192	WerFault.exe	58

Suspicious use of SetWindowsHookEx 25 IoCs

pid	Process
2004	3e6fdcc080ed18337be68f8da40ef56a.exe
2940	Unicorn-27354.exe
2736	Unicorn-37681.exe
2912	Unicorn-8770.exe
2704	Unicorn-46954.exe
1804	Unicorn-9450.exe
2624	Unicorn-58651.exe
2948	Unicorn-43130.exe
1652	Unicorn-35708.exe
1896	Unicorn-55574.exe
2568	Unicorn-35922.exe
1944	Unicorn-16056.exe
1424	Unicorn-60893.exe
2472	Unicorn-57255.exe
2772	Unicorn-3607.exe
2376	Unicorn-11775.exe
1188	Unicorn-40556.exe
1812	Unicorn-20690.exe
784	Unicorn-27728.exe
2328	Unicorn-48895.exe
904	Unicorn-8926.exe
1564	Unicorn-26009.exe
1772	Unicorn-41791.exe
2408	Unicorn-374.exe
1192	Unicorn-61827.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 2940	2004	3e6fdcc080ed18337be68f8da40ef56a.exe	28
PID 2004 wrote to memory of 2940	2004	3e6fdcc080ed18337be68f8da40ef56a.exe	28
PID 2004 wrote to memory of 2940	2004	3e6fdcc080ed18337be68f8da40ef56a.exe	28
PID 2004 wrote to memory of 2940	2004	3e6fdcc080ed18337be68f8da40ef56a.exe	28
PID 2940 wrote to memory of 2736	2940	Unicorn-27354.exe	29
PID 2940 wrote to memory of 2736	2940	Unicorn-27354.exe	29
PID 2940 wrote to memory of 2736	2940	Unicorn-27354.exe	29
PID 2940 wrote to memory of 2736	2940	Unicorn-27354.exe	29
PID 2004 wrote to memory of 2912	2004	3e6fdcc080ed18337be68f8da40ef56a.exe	30
PID 2004 wrote to memory of 2912	2004	3e6fdcc080ed18337be68f8da40ef56a.exe	30
PID 2004 wrote to memory of 2912	2004	3e6fdcc080ed18337be68f8da40ef56a.exe	30
PID 2004 wrote to memory of 2912	2004	3e6fdcc080ed18337be68f8da40ef56a.exe	30
PID 2004 wrote to memory of 2752	2004	3e6fdcc080ed18337be68f8da40ef56a.exe	31
PID 2004 wrote to memory of 2752	2004	3e6fdcc080ed18337be68f8da40ef56a.exe	31
PID 2004 wrote to memory of 2752	2004	3e6fdcc080ed18337be68f8da40ef56a.exe	31
PID 2004 wrote to memory of 2752	2004	3e6fdcc080ed18337be68f8da40ef56a.exe	31
PID 2912 wrote to memory of 1804	2912	Unicorn-8770.exe	32
PID 2912 wrote to memory of 1804	2912	Unicorn-8770.exe	32
PID 2912 wrote to memory of 1804	2912	Unicorn-8770.exe	32
PID 2912 wrote to memory of 1804	2912	Unicorn-8770.exe	32
PID 2940 wrote to memory of 2704	2940	Unicorn-27354.exe	33
PID 2940 wrote to memory of 2704	2940	Unicorn-27354.exe	33
PID 2940 wrote to memory of 2704	2940	Unicorn-27354.exe	33
PID 2940 wrote to memory of 2704	2940	Unicorn-27354.exe	33
PID 2736 wrote to memory of 2624	2736	Unicorn-37681.exe	34
PID 2736 wrote to memory of 2624	2736	Unicorn-37681.exe	34
PID 2736 wrote to memory of 2624	2736	Unicorn-37681.exe	34
PID 2736 wrote to memory of 2624	2736	Unicorn-37681.exe	34
PID 2940 wrote to memory of 2828	2940	Unicorn-27354.exe	35
PID 2940 wrote to memory of 2828	2940	Unicorn-27354.exe	35
PID 2940 wrote to memory of 2828	2940	Unicorn-27354.exe	35
PID 2940 wrote to memory of 2828	2940	Unicorn-27354.exe	35
PID 1804 wrote to memory of 2948	1804	Unicorn-9450.exe	36
PID 1804 wrote to memory of 2948	1804	Unicorn-9450.exe	36
PID 1804 wrote to memory of 2948	1804	Unicorn-9450.exe	36
PID 1804 wrote to memory of 2948	1804	Unicorn-9450.exe	36
PID 2912 wrote to memory of 1652	2912	Unicorn-8770.exe	38
PID 2912 wrote to memory of 1652	2912	Unicorn-8770.exe	38
PID 2912 wrote to memory of 1652	2912	Unicorn-8770.exe	38
PID 2912 wrote to memory of 1652	2912	Unicorn-8770.exe	38
PID 2704 wrote to memory of 1896	2704	Unicorn-46954.exe	37
PID 2704 wrote to memory of 1896	2704	Unicorn-46954.exe	37
PID 2704 wrote to memory of 1896	2704	Unicorn-46954.exe	37
PID 2704 wrote to memory of 1896	2704	Unicorn-46954.exe	37
PID 2624 wrote to memory of 2568	2624	Unicorn-58651.exe	39
PID 2624 wrote to memory of 2568	2624	Unicorn-58651.exe	39
PID 2624 wrote to memory of 2568	2624	Unicorn-58651.exe	39
PID 2624 wrote to memory of 2568	2624	Unicorn-58651.exe	39
PID 2736 wrote to memory of 1944	2736	Unicorn-37681.exe	40
PID 2736 wrote to memory of 1944	2736	Unicorn-37681.exe	40
PID 2736 wrote to memory of 1944	2736	Unicorn-37681.exe	40
PID 2736 wrote to memory of 1944	2736	Unicorn-37681.exe	40
PID 2736 wrote to memory of 1500	2736	Unicorn-37681.exe	41
PID 2736 wrote to memory of 1500	2736	Unicorn-37681.exe	41
PID 2736 wrote to memory of 1500	2736	Unicorn-37681.exe	41
PID 2736 wrote to memory of 1500	2736	Unicorn-37681.exe	41
PID 2912 wrote to memory of 1872	2912	Unicorn-8770.exe	42
PID 2912 wrote to memory of 1872	2912	Unicorn-8770.exe	42
PID 2912 wrote to memory of 1872	2912	Unicorn-8770.exe	42
PID 2912 wrote to memory of 1872	2912	Unicorn-8770.exe	42
PID 2948 wrote to memory of 1424	2948	Unicorn-43130.exe	43
PID 2948 wrote to memory of 1424	2948	Unicorn-43130.exe	43
PID 2948 wrote to memory of 1424	2948	Unicorn-43130.exe	43
PID 2948 wrote to memory of 1424	2948	Unicorn-43130.exe	43

C:\Users\Admin\AppData\Local\Temp\3e6fdcc080ed18337be68f8da40ef56a.exe
"C:\Users\Admin\AppData\Local\Temp\3e6fdcc080ed18337be68f8da40ef56a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27354.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27354.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37681.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37681.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58651.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35922.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11775.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61827.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1627.exe
        8⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 380
        8⤵
        Program crash
        
        PID:1676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 380
        7⤵
        Program crash
        
        PID:588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30633.exe
        6⤵
        Executes dropped EXE
        
        PID:1628
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 372
        6⤵
        Program crash
        
        PID:888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20690.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1490.exe
        6⤵
        Executes dropped EXE
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3938.exe
        7⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 380
        7⤵
        Program crash
        
        PID:668
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 372
        6⤵
        Program crash
        
        PID:324
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 368
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16056.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40556.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-374.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 372
        6⤵
        Program crash
        
        PID:596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17457.exe
        5⤵
        Executes dropped EXE
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63324.exe
        6⤵
        
        PID:1484
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 380
        5⤵
        Program crash
        
        PID:2928
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 380
      4⤵
      Loads dropped DLL
      Program crash
      PID:1500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46954.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46954.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55574.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27728.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17718.exe
        6⤵
        Executes dropped EXE
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59043.exe
        7⤵
        
        PID:2092
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 380
        6⤵
        Program crash
        
        PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63389.exe
        5⤵
        Executes dropped EXE
        
        PID:2224
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 372
        5⤵
        Program crash
        
        PID:1900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48895.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61490.exe
        5⤵
        Executes dropped EXE
        
        PID:2384
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 380
        5⤵
        Program crash
        
        PID:2000
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 368
      4⤵
      Loads dropped DLL
      Program crash
      PID:756
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 380
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2828
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8770.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8770.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9450.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9450.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43130.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60893.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8926.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22570.exe
        7⤵
        Executes dropped EXE
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59875.exe
        8⤵
        
        PID:1076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 380
        8⤵
        Program crash
        
        PID:2892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 380
        7⤵
        Program crash
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9995.exe
        6⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7008.exe
        7⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32484.exe
        8⤵
        
        PID:2576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 380
        7⤵
        Program crash
        
        PID:924
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 384
        6⤵
        Program crash
        
        PID:1888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26009.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29861.exe
        6⤵
        Executes dropped EXE
        
        PID:2600
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 380
        6⤵
        Program crash
        
        PID:1940
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 372
        5⤵
        Program crash
        
        PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57255.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41791.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29861.exe
        6⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5213.exe
        7⤵
        
        PID:2712
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 372
        6⤵
        Program crash
        
        PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9995.exe
        5⤵
        
        PID:2608
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 380
        5⤵
        Program crash
        
        PID:2180
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 376
      4⤵
      Loads dropped DLL
      Program crash
      PID:1792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35708.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35708.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3607.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57551.exe
        5⤵
        Executes dropped EXE
        
        PID:884
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 372
        5⤵
        Program crash
        
        PID:872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29709.exe
      4⤵
      Executes dropped EXE
      PID:2252
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 380
      4⤵
      Program crash
      PID:532
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 376
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1872
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 372
  2⤵
  - Program crash
  PID:2752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-37681.exe

Filesize
184KB

MD5
161aa264cd83dfc778e85c0b3a610228

SHA1
429f97202286e9f8fb50f538a2c4dcae5209f49f

SHA256
18c0855532ffc70e41679a1aa7a2441b7bfe95facfdd4e3d31c1ac0c624a65d7

SHA512
a45ff0fae8fe26fc592b1e15912a955508b33aa5caa291457275f591f2eff79365eabdda45120eefdcedaa8f7184873197a20f15be049b53fb76d2e1fb3f07b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46954.exe

Filesize
184KB

MD5
a13429845550dee91b1cbe4027e3e7fd

SHA1
2a06920a72f597ce0a6c2b242d05b9699f6fab85

SHA256
699fe3f627b51abcf512c8e1505e827b568bee31e5dcb31729e3c40d20ef8374

SHA512
8e375da2fdba0e87782143869ecf3ebb2edbaf2d80746359ee51d1b83be4d6553b3ae5a3c94c02e3cd98fe1370c7de5f759d9ee4438f344d5187ba3c215e7f37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55574.exe

Filesize
184KB

MD5
c1aaf9075e2d138b20babb9368b961dd

SHA1
d01ad658531e30abeec947d914f6e8a6a56b332d

SHA256
e1736e1268c37b3975b02e2bc8d4bdceaedf50b8051c17a76a57c41ae92ca686

SHA512
483c196ba37a7df9c3f63222a29a6a35767caa7190286f294f8c18c1fa4bc2c7ad5aafd69e0650bde2a787bc9d63576400c9e763a7580e32303a1dad72e544fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58651.exe

Filesize
184KB

MD5
14742850382b1945546baabf6170bda2

SHA1
4761f87595d4e4f9903b1692dbaeace2d6f15290

SHA256
c7ba491357abc11d255322793f9e2a265c9b71f3fd3d0a90de04f897191fdf95

SHA512
2e76f1a8aa638288759d577b33ea4d9242d4627bab60699722f4da4f3f8c4efe91ec2525e42e164f0587b61bb6a4573d464806b041288e1ca23c9cae3d0dc27f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9450.exe

Filesize
184KB

MD5
89a199aad379ed737cb773a335347b95

SHA1
73deff8240a4795b63a5b57d51d313a48f6d2d1c

SHA256
9d3fbd13d233d3b7ff836d7aa7ba494301cab78d438238e88a4c3eb9c3f4a3e1

SHA512
83db0922fc7c653c589c05d695b0ee14afeb4c005d6ed5a94e01a45527e852a284d30566f2c454d0ef22528b71baf097fe862bd4163233d91f7991dc282d06d6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16056.exe

Filesize
184KB

MD5
425e2db56d3c695316cc4a836a7cb13a

SHA1
8c0c464191ca7a9fbf55e9c855b3f5c753d51b1c

SHA256
b11bfcd08768244e96d99cce7a9dcc80e5abb6549b8ae123702cad6644a67fd1

SHA512
c08c4fbd5881999f2c99a245d911d7c77fa21304ed6195833d640ee1dfdbb586f4062fd172aa7bd63614ca63b290b4f529d38191ea3af37e85cc5d898924d840

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27354.exe

Filesize
184KB

MD5
f1871669fa63617f466f819d439a45b3

SHA1
fa360066c65bdf55139161ed42e91fd696eaedf0

SHA256
988dfa198f1183a534c8b5f99243e730441e99cbbe7f55a16c330415acfe4680

SHA512
2c711ac01acdde310e569180b09b398905779239c9511f78989b5e60d6e96e3933321752c32cd6671d68576a4587369d2212e2b40e54588bf564559aebcfc22d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35708.exe

Filesize
184KB

MD5
92bec91185a73866ae350d60cfcc1b92

SHA1
d5b5ca4512e30d407b7571f1c3332aafc1ff3baf

SHA256
773a8e24fb23e9e41d44fb38cc7e7988dd41e39a8ee9eddd0a7ec2cf2cd05db0

SHA512
b27246898ff155a8d06777769668503dc147fe1780326aa72e70fb1084750af338ae919e5e9c9d19996586376836eba43a7d7c141a6588bce70c77bf0a940609

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35922.exe

Filesize
184KB

MD5
0564c471eb9b74a3daa3cf7c95eadf29

SHA1
822fc47e09d0f535282004340efbf5418cde8f77

SHA256
ced7dfbdee64b43bbec4ff83b596e384e04a174320f9325df8adbeaf6dfeed7e

SHA512
e5e63e6797b80c96ad7f55ff7f53118818e14e066672bd9007f8c4647fd1d74c4b1b6e9dcdd3888dd30072b2687e07b8b08987bf70be115e320011bd0b500f1a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3607.exe

Filesize
184KB

MD5
efaf3facb97aba8bf81506488c0da2d2

SHA1
26cdb7caa1f2ec9823b9ae961b92ebf297321cfc

SHA256
87733ee72d39c54a90097264a429c548cfd96a60b13b55bb025929287862bd20

SHA512
2d4da783e0db7e3aa05dd0cbbf4789e03cc406af0e92e9f9350ba6ee807e8546f84ffa3161f05eaa8f1952fc1231de61370572f05f00b60740a71b5ae3e2ff48

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43130.exe

Filesize
184KB

MD5
b807cc9f33f5d61a087e53776e1e681a

SHA1
e3c035da8fc46b65719cc2c9d3f08b8a512e1a26

SHA256
dd9973af314ee5531f0567b1b30a37723f5e90488c782d86adbd759e5c6715ee

SHA512
b50a5c2683cbc072c7c262e7d2a1305df78fcbfbda2400c59e35a6e6b2533920bd7a55982c750aaf9190c0fe6e2fcd61bf73c4c4b39879c0f75b569bf20c3f3b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57255.exe

Filesize
184KB

MD5
3f71c79c6a0786c7358f5520fc531069

SHA1
9d7a5dc2324a5ef989708d86a40efc71b3ee6de0

SHA256
385ce0df6c87db67a85dfa99a61918bfcf2e4746b1230063ea3e63f018de49b9

SHA512
f7249a04a45033c6e7b2b1bbb3ba93344c8039fd60578431faca2af15bf64f27cab00bf5629393e1f683735bba09e3833a0068fd9b0ddc241330853e8b1a3fc3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60893.exe

Filesize
184KB

MD5
91625410f73c7ec7054f2ce9992236dd

SHA1
112129e773f3b160cd873456593713d79e76e1a9

SHA256
7b259d08e496f8518c05809341ef8ce555296e530c4f8530edc5c056821fb0bc

SHA512
114548adf0839e53a5d7369929a9f3dcdb44157aab5b91852c9232b3bb3ae2038c5b013d91ef24044935c845aadbe573b9e66dbde25347318b39f3fc16653485

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8770.exe

Filesize
184KB

MD5
6fa76979f59becdcd6a1119903aa074e

SHA1
393bb163d42ddb6dec9aa93df96d15f348e751b2

SHA256
358aea25c73f2214e90be26d04933c384361c770db4743faebd27b7c3ff985bc

SHA512
c7bd953826dd337114131e0d26885f4242a0cbdc485d7b81717cf4dde13961644899eaa1ed8b9c69f0e4e7f6587a0d4d891ce8acc12ab4bb8dde7c9238182089

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads