8092ccc7c844eb9b3d3a6eb373a8b4b85de6479337df4972598bb9725ca0113a

Analysis

max time kernel
148s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/01/2024, 00:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

577fb9c310ef3b39b55c1d9a30ca7eb8.exe
Size

184KB
MD5

577fb9c310ef3b39b55c1d9a30ca7eb8
SHA1

c41d2e7863dc9bda5ad3b03d13f27d42fd5a9864
SHA256

8092ccc7c844eb9b3d3a6eb373a8b4b85de6479337df4972598bb9725ca0113a
SHA512

82f2fa39d9ef0610a12a4f832c03c175a10ca0955125da4c42bacacd1a3f0c3ab09850931ccf67c5089afdb798bf67e2b7f2c0782a28b5f82a80206595a01510
SSDEEP

3072:w5mloJIrjUA0SOjG2TCCzzFepsL6GOlS5DExbMdaC7lPQpF0:w5coel0Sx2eCzzSo+K7lPQpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 46 IoCs

pid	Process
2948	Unicorn-62605.exe
2940	Unicorn-30856.exe
2288	Unicorn-42368.exe
2156	Unicorn-16504.exe
2956	Unicorn-8202.exe
2236	Unicorn-10721.exe
584	Unicorn-26497.exe
564	Unicorn-38616.exe
1672	Unicorn-39778.exe
1196	Unicorn-47185.exe
2368	Unicorn-22390.exe
2620	Unicorn-3071.exe
332	Unicorn-56654.exe
1388	Unicorn-9336.exe
2548	Unicorn-54066.exe
112	Unicorn-3432.exe
2664	Unicorn-28266.exe
2292	Unicorn-62017.exe
2840	Unicorn-49004.exe
2756	Unicorn-6707.exe
2144	Unicorn-40796.exe
2520	Unicorn-21525.exe
368	Unicorn-11949.exe
2168	Unicorn-32642.exe
2796	Unicorn-2345.exe
2052	Unicorn-13250.exe
2680	Unicorn-28930.exe
1352	Unicorn-49256.exe
2204	Unicorn-51427.exe
984	Unicorn-41022.exe
1960	Unicorn-61750.exe
2748	Unicorn-63931.exe
2964	Unicorn-11808.exe
876	Unicorn-42568.exe
1524	Unicorn-24122.exe
2348	Unicorn-8864.exe
1868	Unicorn-50314.exe
2872	Unicorn-8907.exe
1696	Unicorn-30622.exe
956	Unicorn-22931.exe
996	Unicorn-1194.exe
1736	Unicorn-41767.exe
2588	Unicorn-2965.exe
1804	Unicorn-52910.exe
1756	Unicorn-44290.exe
760	Unicorn-55169.exe

Loads dropped DLL 64 IoCs

pid	Process
1944	577fb9c310ef3b39b55c1d9a30ca7eb8.exe
1944	577fb9c310ef3b39b55c1d9a30ca7eb8.exe
2948	Unicorn-62605.exe
2948	Unicorn-62605.exe
1420	WerFault.exe
1420	WerFault.exe
1420	WerFault.exe
1420	WerFault.exe
1420	WerFault.exe
1420	WerFault.exe
1420	WerFault.exe
2940	Unicorn-30856.exe
2940	Unicorn-30856.exe
2696	WerFault.exe
2696	WerFault.exe
2696	WerFault.exe
2696	WerFault.exe
2696	WerFault.exe
2696	WerFault.exe
2696	WerFault.exe
2288	Unicorn-42368.exe
2288	Unicorn-42368.exe
2560	WerFault.exe
2560	WerFault.exe
2560	WerFault.exe
2560	WerFault.exe
2560	WerFault.exe
2560	WerFault.exe
2560	WerFault.exe
2156	Unicorn-16504.exe
2156	Unicorn-16504.exe
3024	WerFault.exe
3024	WerFault.exe
3024	WerFault.exe
3024	WerFault.exe
3024	WerFault.exe
3024	WerFault.exe
3024	WerFault.exe
2956	Unicorn-8202.exe
2956	Unicorn-8202.exe
1380	WerFault.exe
1380	WerFault.exe
1380	WerFault.exe
1380	WerFault.exe
1380	WerFault.exe
1380	WerFault.exe
1380	WerFault.exe
2236	Unicorn-10721.exe
2236	Unicorn-10721.exe
2924	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
584	Unicorn-26497.exe
584	Unicorn-26497.exe
1620	WerFault.exe
1620	WerFault.exe
1620	WerFault.exe
1620	WerFault.exe
1620	WerFault.exe
1620	WerFault.exe

Program crash 47 IoCs

pid	pid_target	Process	procid_target
2492	1944	WerFault.exe	17
1420	2948	WerFault.exe	28
2696	2940	WerFault.exe	30
2560	2288	WerFault.exe	32
3024	2156	WerFault.exe	34
1380	2956	WerFault.exe	36
2924	2236	WerFault.exe	38
1620	584	WerFault.exe	40
1760	564	WerFault.exe	42
2444	1672	WerFault.exe	44
2012	1196	WerFault.exe	46
1192	2368	WerFault.exe	48
1084	2620	WerFault.exe	50
556	332	WerFault.exe	53
2184	1388	WerFault.exe	56
888	2548	WerFault.exe	58
1592	112	WerFault.exe	60
2032	2664	WerFault.exe	62
2744	2292	WerFault.exe	64
2580	2840	WerFault.exe	66
1780	2756	WerFault.exe	68
2996	2144	WerFault.exe	70
1908	2520	WerFault.exe	72
268	368	WerFault.exe	74
952	2168	WerFault.exe	76
1552	2796	WerFault.exe	78
1856	2052	WerFault.exe	80
1160	2680	WerFault.exe	82
1728	1352	WerFault.exe	84
1720	2204	WerFault.exe	86
1812	984	WerFault.exe	88
3056	1960	WerFault.exe	90
2464	2708	WerFault.exe	92
108	2748	WerFault.exe	94
2820	2964	WerFault.exe	96
628	876	WerFault.exe	98
2280	1524	WerFault.exe	100
1708	2348	WerFault.exe	102
2596	1868	WerFault.exe	104
2760	2872	WerFault.exe	106
1256	1696	WerFault.exe	108
908	956	WerFault.exe	110
2780	996	WerFault.exe	112
2064	1736	WerFault.exe	114
1912	2588	WerFault.exe	116
1040	1804	WerFault.exe	118
2028	1756	WerFault.exe	120

Suspicious use of SetWindowsHookEx 47 IoCs

pid	Process
1944	577fb9c310ef3b39b55c1d9a30ca7eb8.exe
2948	Unicorn-62605.exe
2940	Unicorn-30856.exe
2288	Unicorn-42368.exe
2156	Unicorn-16504.exe
2956	Unicorn-8202.exe
2236	Unicorn-10721.exe
584	Unicorn-26497.exe
564	Unicorn-38616.exe
1672	Unicorn-39778.exe
1196	Unicorn-47185.exe
2368	Unicorn-22390.exe
2620	Unicorn-3071.exe
332	Unicorn-56654.exe
1388	Unicorn-9336.exe
2548	Unicorn-54066.exe
112	Unicorn-3432.exe
2664	Unicorn-28266.exe
2292	Unicorn-62017.exe
2840	Unicorn-49004.exe
2756	Unicorn-6707.exe
2144	Unicorn-40796.exe
2520	Unicorn-21525.exe
368	Unicorn-11949.exe
2168	Unicorn-32642.exe
2796	Unicorn-2345.exe
2052	Unicorn-13250.exe
2680	Unicorn-28930.exe
1352	Unicorn-49256.exe
2204	Unicorn-51427.exe
984	Unicorn-41022.exe
2708	Unicorn-28896.exe
2748	Unicorn-63931.exe
2964	Unicorn-11808.exe
876	Unicorn-42568.exe
1524	Unicorn-24122.exe
2348	Unicorn-8864.exe
1868	Unicorn-50314.exe
2872	Unicorn-8907.exe
1696	Unicorn-30622.exe
956	Unicorn-22931.exe
996	Unicorn-1194.exe
1736	Unicorn-41767.exe
2588	Unicorn-2965.exe
1804	Unicorn-52910.exe
1756	Unicorn-44290.exe
760	Unicorn-55169.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 2948	1944	577fb9c310ef3b39b55c1d9a30ca7eb8.exe	28
PID 1944 wrote to memory of 2948	1944	577fb9c310ef3b39b55c1d9a30ca7eb8.exe	28
PID 1944 wrote to memory of 2948	1944	577fb9c310ef3b39b55c1d9a30ca7eb8.exe	28
PID 1944 wrote to memory of 2948	1944	577fb9c310ef3b39b55c1d9a30ca7eb8.exe	28
PID 1944 wrote to memory of 2492	1944	577fb9c310ef3b39b55c1d9a30ca7eb8.exe	29
PID 1944 wrote to memory of 2492	1944	577fb9c310ef3b39b55c1d9a30ca7eb8.exe	29
PID 1944 wrote to memory of 2492	1944	577fb9c310ef3b39b55c1d9a30ca7eb8.exe	29
PID 1944 wrote to memory of 2492	1944	577fb9c310ef3b39b55c1d9a30ca7eb8.exe	29
PID 2948 wrote to memory of 2940	2948	Unicorn-62605.exe	30
PID 2948 wrote to memory of 2940	2948	Unicorn-62605.exe	30
PID 2948 wrote to memory of 2940	2948	Unicorn-62605.exe	30
PID 2948 wrote to memory of 2940	2948	Unicorn-62605.exe	30
PID 2948 wrote to memory of 1420	2948	Unicorn-62605.exe	31
PID 2948 wrote to memory of 1420	2948	Unicorn-62605.exe	31
PID 2948 wrote to memory of 1420	2948	Unicorn-62605.exe	31
PID 2948 wrote to memory of 1420	2948	Unicorn-62605.exe	31
PID 2940 wrote to memory of 2288	2940	Unicorn-30856.exe	32
PID 2940 wrote to memory of 2288	2940	Unicorn-30856.exe	32
PID 2940 wrote to memory of 2288	2940	Unicorn-30856.exe	32
PID 2940 wrote to memory of 2288	2940	Unicorn-30856.exe	32
PID 2940 wrote to memory of 2696	2940	Unicorn-30856.exe	33
PID 2940 wrote to memory of 2696	2940	Unicorn-30856.exe	33
PID 2940 wrote to memory of 2696	2940	Unicorn-30856.exe	33
PID 2940 wrote to memory of 2696	2940	Unicorn-30856.exe	33
PID 2288 wrote to memory of 2156	2288	Unicorn-42368.exe	34
PID 2288 wrote to memory of 2156	2288	Unicorn-42368.exe	34
PID 2288 wrote to memory of 2156	2288	Unicorn-42368.exe	34
PID 2288 wrote to memory of 2156	2288	Unicorn-42368.exe	34
PID 2288 wrote to memory of 2560	2288	Unicorn-42368.exe	35
PID 2288 wrote to memory of 2560	2288	Unicorn-42368.exe	35
PID 2288 wrote to memory of 2560	2288	Unicorn-42368.exe	35
PID 2288 wrote to memory of 2560	2288	Unicorn-42368.exe	35
PID 2156 wrote to memory of 2956	2156	Unicorn-16504.exe	36
PID 2156 wrote to memory of 2956	2156	Unicorn-16504.exe	36
PID 2156 wrote to memory of 2956	2156	Unicorn-16504.exe	36
PID 2156 wrote to memory of 2956	2156	Unicorn-16504.exe	36
PID 2156 wrote to memory of 3024	2156	Unicorn-16504.exe	37
PID 2156 wrote to memory of 3024	2156	Unicorn-16504.exe	37
PID 2156 wrote to memory of 3024	2156	Unicorn-16504.exe	37
PID 2156 wrote to memory of 3024	2156	Unicorn-16504.exe	37
PID 2956 wrote to memory of 2236	2956	Unicorn-8202.exe	38
PID 2956 wrote to memory of 2236	2956	Unicorn-8202.exe	38
PID 2956 wrote to memory of 2236	2956	Unicorn-8202.exe	38
PID 2956 wrote to memory of 2236	2956	Unicorn-8202.exe	38
PID 2956 wrote to memory of 1380	2956	Unicorn-8202.exe	39
PID 2956 wrote to memory of 1380	2956	Unicorn-8202.exe	39
PID 2956 wrote to memory of 1380	2956	Unicorn-8202.exe	39
PID 2956 wrote to memory of 1380	2956	Unicorn-8202.exe	39
PID 2236 wrote to memory of 584	2236	Unicorn-10721.exe	40
PID 2236 wrote to memory of 584	2236	Unicorn-10721.exe	40
PID 2236 wrote to memory of 584	2236	Unicorn-10721.exe	40
PID 2236 wrote to memory of 584	2236	Unicorn-10721.exe	40
PID 2236 wrote to memory of 2924	2236	Unicorn-10721.exe	41
PID 2236 wrote to memory of 2924	2236	Unicorn-10721.exe	41
PID 2236 wrote to memory of 2924	2236	Unicorn-10721.exe	41
PID 2236 wrote to memory of 2924	2236	Unicorn-10721.exe	41
PID 584 wrote to memory of 564	584	Unicorn-26497.exe	42
PID 584 wrote to memory of 564	584	Unicorn-26497.exe	42
PID 584 wrote to memory of 564	584	Unicorn-26497.exe	42
PID 584 wrote to memory of 564	584	Unicorn-26497.exe	42
PID 584 wrote to memory of 1620	584	Unicorn-26497.exe	43
PID 584 wrote to memory of 1620	584	Unicorn-26497.exe	43
PID 584 wrote to memory of 1620	584	Unicorn-26497.exe	43
PID 584 wrote to memory of 1620	584	Unicorn-26497.exe	43

C:\Users\Admin\AppData\Local\Temp\577fb9c310ef3b39b55c1d9a30ca7eb8.exe
"C:\Users\Admin\AppData\Local\Temp\577fb9c310ef3b39b55c1d9a30ca7eb8.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62605.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62605.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30856.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30856.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42368.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16504.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8202.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26497.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38616.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39778.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47185.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22390.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3071.exe
        13⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56654.exe
        14⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9336.exe
        15⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54066.exe
        16⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3432.exe
        17⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28266.exe
        18⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62017.exe
        19⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49004.exe
        20⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6707.exe
        21⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40796.exe
        22⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21525.exe
        23⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11949.exe
        24⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32642.exe
        25⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2345.exe
        26⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13250.exe
        27⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28930.exe
        28⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49256.exe
        29⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51427.exe
        30⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41022.exe
        31⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61750.exe
        32⤵
        Executes dropped EXE
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28896.exe
        33⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63931.exe
        34⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11808.exe
        35⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42568.exe
        36⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
        37⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8864.exe
        38⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50314.exe
        39⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8907.exe
        40⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30622.exe
        41⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22931.exe
        42⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1194.exe
        43⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
        44⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2965.exe
        45⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52910.exe
        46⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44290.exe
        47⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55169.exe
        48⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 236
        48⤵
        Program crash
        
        PID:2028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 236
        47⤵
        Program crash
        
        PID:1040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 236
        46⤵
        Program crash
        
        PID:1912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 236
        45⤵
        Program crash
        
        PID:2064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 236
        44⤵
        Program crash
        
        PID:2780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 236
        43⤵
        Program crash
        
        PID:908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 236
        42⤵
        Program crash
        
        PID:1256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 236
        41⤵
        Program crash
        
        PID:2760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 236
        40⤵
        Program crash
        
        PID:2596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 236
        39⤵
        Program crash
        
        PID:1708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 236
        38⤵
        Program crash
        
        PID:2280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 236
        37⤵
        Program crash
        
        PID:628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 236
        36⤵
        Program crash
        
        PID:2820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 236
        35⤵
        Program crash
        
        PID:108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 236
        34⤵
        Program crash
        
        PID:2464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 236
        33⤵
        Program crash
        
        PID:3056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 236
        32⤵
        Program crash
        
        PID:1812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 236
        31⤵
        Program crash
        
        PID:1720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 236
        30⤵
        Program crash
        
        PID:1728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 236
        29⤵
        Program crash
        
        PID:1160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 236
        28⤵
        Program crash
        
        PID:1856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 236
        27⤵
        Program crash
        
        PID:1552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 236
        26⤵
        Program crash
        
        PID:952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 368 -s 236
        25⤵
        Program crash
        
        PID:268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 236
        24⤵
        Program crash
        
        PID:1908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 236
        23⤵
        Program crash
        
        PID:2996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 236
        22⤵
        Program crash
        
        PID:1780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
        21⤵
        Program crash
        
        PID:2580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 236
        20⤵
        Program crash
        
        PID:2744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
        19⤵
        Program crash
        
        PID:2032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 236
        18⤵
        Program crash
        
        PID:1592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 236
        17⤵
        Program crash
        
        PID:888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 236
        16⤵
        Program crash
        
        PID:2184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 236
        15⤵
        Program crash
        
        PID:556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 236
        14⤵
        Program crash
        
        PID:1084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 236
        13⤵
        Program crash
        
        PID:1192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 236
        12⤵
        Program crash
        
        PID:2012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 236
        11⤵
        Program crash
        
        PID:2444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 236
        10⤵
        Program crash
        
        PID:1760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 236
        9⤵
        Loads dropped DLL
        Program crash
        
        PID:1620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 236
        8⤵
        Loads dropped DLL
        Program crash
        
        PID:2924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 236
        7⤵
        Loads dropped DLL
        Program crash
        
        PID:1380
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 236
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:3024
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 236
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2560
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:2696
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 236
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1420
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 236
  2⤵
  - Program crash
  PID:2492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-6707.exe

Filesize
184KB

MD5
739f62f12295ac0f59baa2a1380f5196

SHA1
74fc49063094990be4ccda6fea6079b83c136ede

SHA256
1047ea2b0391d5ab936e421504cc87000d7395bb9747eb5797d08babc56f2b76

SHA512
50ae109f2495506431d409edf3eedcb00576e545f17c281d7fe00ffc9582031440428df68bfb296b0146c7c8848ebcd72adf8a8a3e6441e226018ec29a246797

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe

Filesize
184KB

MD5
fafcec7e02dbf4598a5f6e4007ffd937

SHA1
642c98c19a88972ce01bf65e9b99b61f955de96f

SHA256
57b1c9d8277287d93c0d177d56a0eeae8d85a2a5d7124dc18bba3e43fa6ab31a

SHA512
b1fda1c7ab7a3b8229daf8839ef14df610d26907ed9e19f5c4b673954d7b0e498e2754d6ba8d6b501a7ad13a0b322f138e8a610b9fb18912f86fcdf3b64b6a1d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16504.exe

Filesize
184KB

MD5
e73e65f2bf7bc68ec3f9bb98febb4ffe

SHA1
b9718fede9626a4bfa3a0cbc015c53a9dfdc20b2

SHA256
57659f170e5b89630431d94053df7c39899d61fae912e78d4e134410675a5100

SHA512
92f06acbaa5cec015c67d58a860ec259bf968eae64b1ba1abafe4279c507f7f1bc9706f6bc0d629e223b9d001d64a88947b6d95935eedaa5139c283f0c38a65f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26497.exe

Filesize
184KB

MD5
0d99a846f887496220999b8416037cdd

SHA1
48b5dfe142abdc2c429a48879531e3618d5af31a

SHA256
434752ac8da5e2cdbc08d99b5c7d3527006c1b6a1f9e69cf903c72fa0181fc02

SHA512
5a7261462893402d912f6fa48d72b93da004e084ec815b16558f213375e5e77af03a382ec296e9647c4eace0ed2cb18911f8c90c39b0148b2b53b263525dc32c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30856.exe

Filesize
184KB

MD5
f1c5a80fdbd8e821568dfa07576e8287

SHA1
688ead169d97ae5604b62ef996f61487657a4e4c

SHA256
c2c63b5b376ad6ddcedede3b32753dc3c7bcb6c5dc376bc53ddc8596725e499f

SHA512
ef5e74dc3352690c9e085b892dfb537b1fb03a6327a3a40b7ab223141b751d79abed6b9a0e4c3565e32145fa1c1d05ca1321a67c3ee03722c35d109abb0dc748

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42368.exe

Filesize
184KB

MD5
0831c87791d21fc838d5a927c7b545c9

SHA1
ff91abfa0341cf72001aedd2d89ef3757e2c2aa3

SHA256
c9c9cdb36183e2dcbbd1aea497d948eeca0cc0ea9620189fdf0bb2171726b6cd

SHA512
0910a7294077b370829f6fd287cbb2dab0e6d499cfbe5a8f7ccb2042fb740257ea76ff3618ff33821c3587f4ac7d37cd99ec5fb8429050f4251073cb3c246ff9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62605.exe

Filesize
184KB

MD5
dc204246815940b00fce80c9de4628f7

SHA1
a79f5222edb06e05fb71d3095e8bd0c5633d26fa

SHA256
5a0590377ce4845daad3ab13132803250acbcbc8c5aed27f3c3005bc52cd2cc9

SHA512
85ab27a8764225d45a15c987d9b5052e92b90833079e37bd426541897de84e2d0e7ff305f3a5ada9ead9051f635df574046fa307f5a07139760e6ce8ee03dc20

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8202.exe

Filesize
184KB

MD5
5772232ca26cc1af20a9f49ab34d184f

SHA1
6b695dd495f4bd22d76136c50ea3c95b99ed5ffa

SHA256
b74d7aadc43f9f2035b16db0e62e653871d9e2ee2ceb6caea6fb8a1b558c27da

SHA512
bad0b59c62c14dbe70bef453cf6188f9438de087e04fe27883ea7bab8ba443a287d308488f4b8442e6abf5746b76026a594ece97f05b86e5596bfb6a38ac81d1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads