84058cc1aae5f90707b53cc92bfb9f36c1c49a567ae643a7cf507419df1469c9

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/01/2024, 06:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

73f47eeb83b7f90305885295fb32ab48.exe
Size

184KB
MD5

73f47eeb83b7f90305885295fb32ab48
SHA1

f73e2447fe40b1ffba1707ca927ea7e8becf7c99
SHA256

84058cc1aae5f90707b53cc92bfb9f36c1c49a567ae643a7cf507419df1469c9
SHA512

b74f1a9267d2d46aa31d5e087d50844568ff299049abdf94fd4f8f4fc3c4287b0fa600404af249d7f83587ca1a70d81540dab81a4fe41d446d877bcebfbb0ef6
SSDEEP

3072:a4+ao31OfhApryjidle0wZFp3dm6cPfFepuxu5IPuNlPvpFB:a47o4Oprxdk0wZINMPNlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 48 IoCs

pid	Process
2808	Unicorn-6440.exe
2376	Unicorn-28994.exe
2708	Unicorn-58329.exe
1952	Unicorn-51443.exe
2628	Unicorn-14022.exe
1520	Unicorn-37567.exe
2408	Unicorn-7136.exe
2864	Unicorn-36471.exe
2004	Unicorn-40001.exe
1752	Unicorn-56913.exe
2900	Unicorn-53192.exe
1192	Unicorn-38448.exe
2356	Unicorn-36440.exe
2440	Unicorn-64282.exe
3028	Unicorn-64474.exe
812	Unicorn-15658.exe
1456	Unicorn-61329.exe
912	Unicorn-29996.exe
1880	Unicorn-11822.exe
1064	Unicorn-17037.exe
2360	Unicorn-4230.exe
1728	Unicorn-42871.exe
2548	Unicorn-31173.exe
1224	Unicorn-59207.exe
856	Unicorn-35087.exe
1164	Unicorn-31749.exe
2608	Unicorn-23961.exe
2348	Unicorn-44744.exe
2688	Unicorn-18040.exe
2552	Unicorn-6150.exe
840	Unicorn-52440.exe
2884	Unicorn-11983.exe
1348	Unicorn-31806.exe
1748	Unicorn-943.exe
1996	Unicorn-46423.exe
784	Unicorn-57627.exe
600	Unicorn-56475.exe
284	Unicorn-31779.exe
2820	Unicorn-53138.exe
1644	Unicorn-31779.exe
1664	Unicorn-53138.exe
1512	Unicorn-19994.exe
1760	Unicorn-128.exe
2276	Unicorn-28162.exe
2044	Unicorn-22490.exe
1052	Unicorn-61493.exe
2992	Unicorn-61493.exe
2008	Unicorn-41627.exe

Loads dropped DLL 64 IoCs

pid	Process
2416	73f47eeb83b7f90305885295fb32ab48.exe
2416	73f47eeb83b7f90305885295fb32ab48.exe
2808	Unicorn-6440.exe
2808	Unicorn-6440.exe
2416	73f47eeb83b7f90305885295fb32ab48.exe
2416	73f47eeb83b7f90305885295fb32ab48.exe
2808	Unicorn-6440.exe
2808	Unicorn-6440.exe
2376	Unicorn-28994.exe
2376	Unicorn-28994.exe
2708	Unicorn-58329.exe
2708	Unicorn-58329.exe
2944	WerFault.exe
2944	WerFault.exe
2944	WerFault.exe
2944	WerFault.exe
2944	WerFault.exe
2944	WerFault.exe
2944	WerFault.exe
2944	WerFault.exe
2944	WerFault.exe
2628	Unicorn-14022.exe
2628	Unicorn-14022.exe
2376	Unicorn-28994.exe
2376	Unicorn-28994.exe
1952	Unicorn-51443.exe
1952	Unicorn-51443.exe
1520	Unicorn-37567.exe
1520	Unicorn-37567.exe
2708	Unicorn-58329.exe
2708	Unicorn-58329.exe
2920	WerFault.exe
2920	WerFault.exe
2920	WerFault.exe
2920	WerFault.exe
2920	WerFault.exe
2920	WerFault.exe
2920	WerFault.exe
2920	WerFault.exe
2920	WerFault.exe
1376	WerFault.exe
1376	WerFault.exe
1376	WerFault.exe
1376	WerFault.exe
1376	WerFault.exe
1376	WerFault.exe
1376	WerFault.exe
2628	Unicorn-14022.exe
2628	Unicorn-14022.exe
1520	Unicorn-37567.exe
1520	Unicorn-37567.exe
1752	Unicorn-56913.exe
1752	Unicorn-56913.exe
2004	Unicorn-40001.exe
2004	Unicorn-40001.exe
2900	Unicorn-53192.exe
2900	Unicorn-53192.exe
1952	Unicorn-51443.exe
1952	Unicorn-51443.exe
2168	WerFault.exe
2168	WerFault.exe
2168	WerFault.exe
2168	WerFault.exe
2168	WerFault.exe

Program crash 37 IoCs

pid	pid_target	Process	procid_target
1892	2416	WerFault.exe	1
2944	2808	WerFault.exe	28
2920	2708	WerFault.exe	30
1376	2408	WerFault.exe	36
2168	2628	WerFault.exe	33
1784	1520	WerFault.exe	34
1548	1952	WerFault.exe	32
2824	1752	WerFault.exe	37
2236	2004	WerFault.exe	38
2700	2900	WerFault.exe	40
2760	2376	WerFault.exe	29
2128	1192	WerFault.exe	43
1908	2440	WerFault.exe	45
1820	812	WerFault.exe	47
1800	2356	WerFault.exe	44
972	3028	WerFault.exe	46
2468	2608	WerFault.exe	64
1940	2548	WerFault.exe	59
2752	1164	WerFault.exe	60
1680	1728	WerFault.exe	56
1676	912	WerFault.exe	52
272	1224	WerFault.exe	57
2396	2688	WerFault.exe	66
1504	2552	WerFault.exe	67
1180	2348	WerFault.exe	65
1004	2360	WerFault.exe	55
1048	1348	WerFault.exe	71
2332	1064	WerFault.exe	54
1812	1880	WerFault.exe	53
1904	1996	WerFault.exe	73
2344	840	WerFault.exe	68
3192	856	WerFault.exe	58
3184	1456	WerFault.exe	48
3328	2884	WerFault.exe	70
3664	600	WerFault.exe	75
3728	892	WerFault.exe	92
3992	1644	WerFault.exe	77

Suspicious use of SetWindowsHookEx 37 IoCs

pid	Process
2416	73f47eeb83b7f90305885295fb32ab48.exe
2808	Unicorn-6440.exe
2376	Unicorn-28994.exe
2708	Unicorn-58329.exe
2628	Unicorn-14022.exe
1952	Unicorn-51443.exe
1520	Unicorn-37567.exe
2864	Unicorn-36471.exe
2408	Unicorn-7136.exe
2004	Unicorn-40001.exe
1752	Unicorn-56913.exe
2900	Unicorn-53192.exe
1192	Unicorn-38448.exe
812	Unicorn-15658.exe
2440	Unicorn-64282.exe
3028	Unicorn-64474.exe
2356	Unicorn-36440.exe
1456	Unicorn-61329.exe
912	Unicorn-29996.exe
1880	Unicorn-11822.exe
1064	Unicorn-17037.exe
2360	Unicorn-4230.exe
1728	Unicorn-42871.exe
1164	Unicorn-31749.exe
2548	Unicorn-31173.exe
1224	Unicorn-59207.exe
856	Unicorn-35087.exe
2608	Unicorn-23961.exe
2348	Unicorn-44744.exe
2688	Unicorn-18040.exe
2552	Unicorn-6150.exe
840	Unicorn-52440.exe
2884	Unicorn-11983.exe
1348	Unicorn-31806.exe
1996	Unicorn-46423.exe
600	Unicorn-56475.exe
784	Unicorn-57627.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 2808	2416	73f47eeb83b7f90305885295fb32ab48.exe	28
PID 2416 wrote to memory of 2808	2416	73f47eeb83b7f90305885295fb32ab48.exe	28
PID 2416 wrote to memory of 2808	2416	73f47eeb83b7f90305885295fb32ab48.exe	28
PID 2416 wrote to memory of 2808	2416	73f47eeb83b7f90305885295fb32ab48.exe	28
PID 2808 wrote to memory of 2376	2808	Unicorn-6440.exe	29
PID 2808 wrote to memory of 2376	2808	Unicorn-6440.exe	29
PID 2808 wrote to memory of 2376	2808	Unicorn-6440.exe	29
PID 2808 wrote to memory of 2376	2808	Unicorn-6440.exe	29
PID 2416 wrote to memory of 2708	2416	73f47eeb83b7f90305885295fb32ab48.exe	30
PID 2416 wrote to memory of 2708	2416	73f47eeb83b7f90305885295fb32ab48.exe	30
PID 2416 wrote to memory of 2708	2416	73f47eeb83b7f90305885295fb32ab48.exe	30
PID 2416 wrote to memory of 2708	2416	73f47eeb83b7f90305885295fb32ab48.exe	30
PID 2416 wrote to memory of 1892	2416	73f47eeb83b7f90305885295fb32ab48.exe	31
PID 2416 wrote to memory of 1892	2416	73f47eeb83b7f90305885295fb32ab48.exe	31
PID 2416 wrote to memory of 1892	2416	73f47eeb83b7f90305885295fb32ab48.exe	31
PID 2416 wrote to memory of 1892	2416	73f47eeb83b7f90305885295fb32ab48.exe	31
PID 2808 wrote to memory of 1952	2808	Unicorn-6440.exe	32
PID 2808 wrote to memory of 1952	2808	Unicorn-6440.exe	32
PID 2808 wrote to memory of 1952	2808	Unicorn-6440.exe	32
PID 2808 wrote to memory of 1952	2808	Unicorn-6440.exe	32
PID 2376 wrote to memory of 2628	2376	Unicorn-28994.exe	33
PID 2376 wrote to memory of 2628	2376	Unicorn-28994.exe	33
PID 2376 wrote to memory of 2628	2376	Unicorn-28994.exe	33
PID 2376 wrote to memory of 2628	2376	Unicorn-28994.exe	33
PID 2708 wrote to memory of 1520	2708	Unicorn-58329.exe	34
PID 2708 wrote to memory of 1520	2708	Unicorn-58329.exe	34
PID 2708 wrote to memory of 1520	2708	Unicorn-58329.exe	34
PID 2708 wrote to memory of 1520	2708	Unicorn-58329.exe	34
PID 2808 wrote to memory of 2944	2808	Unicorn-6440.exe	35
PID 2808 wrote to memory of 2944	2808	Unicorn-6440.exe	35
PID 2808 wrote to memory of 2944	2808	Unicorn-6440.exe	35
PID 2808 wrote to memory of 2944	2808	Unicorn-6440.exe	35
PID 2628 wrote to memory of 2408	2628	Unicorn-14022.exe	36
PID 2628 wrote to memory of 2408	2628	Unicorn-14022.exe	36
PID 2628 wrote to memory of 2408	2628	Unicorn-14022.exe	36
PID 2628 wrote to memory of 2408	2628	Unicorn-14022.exe	36
PID 2376 wrote to memory of 2864	2376	Unicorn-28994.exe	39
PID 2376 wrote to memory of 2864	2376	Unicorn-28994.exe	39
PID 2376 wrote to memory of 2864	2376	Unicorn-28994.exe	39
PID 2376 wrote to memory of 2864	2376	Unicorn-28994.exe	39
PID 1952 wrote to memory of 2004	1952	Unicorn-51443.exe	38
PID 1952 wrote to memory of 2004	1952	Unicorn-51443.exe	38
PID 1952 wrote to memory of 2004	1952	Unicorn-51443.exe	38
PID 1952 wrote to memory of 2004	1952	Unicorn-51443.exe	38
PID 1520 wrote to memory of 1752	1520	Unicorn-37567.exe	37
PID 1520 wrote to memory of 1752	1520	Unicorn-37567.exe	37
PID 1520 wrote to memory of 1752	1520	Unicorn-37567.exe	37
PID 1520 wrote to memory of 1752	1520	Unicorn-37567.exe	37
PID 2708 wrote to memory of 2900	2708	Unicorn-58329.exe	40
PID 2708 wrote to memory of 2900	2708	Unicorn-58329.exe	40
PID 2708 wrote to memory of 2900	2708	Unicorn-58329.exe	40
PID 2708 wrote to memory of 2900	2708	Unicorn-58329.exe	40
PID 2708 wrote to memory of 2920	2708	Unicorn-58329.exe	41
PID 2708 wrote to memory of 2920	2708	Unicorn-58329.exe	41
PID 2708 wrote to memory of 2920	2708	Unicorn-58329.exe	41
PID 2708 wrote to memory of 2920	2708	Unicorn-58329.exe	41
PID 2408 wrote to memory of 1376	2408	Unicorn-7136.exe	42
PID 2408 wrote to memory of 1376	2408	Unicorn-7136.exe	42
PID 2408 wrote to memory of 1376	2408	Unicorn-7136.exe	42
PID 2408 wrote to memory of 1376	2408	Unicorn-7136.exe	42
PID 2628 wrote to memory of 1192	2628	Unicorn-14022.exe	43
PID 2628 wrote to memory of 1192	2628	Unicorn-14022.exe	43
PID 2628 wrote to memory of 1192	2628	Unicorn-14022.exe	43
PID 2628 wrote to memory of 1192	2628	Unicorn-14022.exe	43

C:\Users\Admin\AppData\Local\Temp\73f47eeb83b7f90305885295fb32ab48.exe
"C:\Users\Admin\AppData\Local\Temp\73f47eeb83b7f90305885295fb32ab48.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6440.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6440.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28994.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28994.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14022.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7136.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2408
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 244
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:1376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38448.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29996.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23961.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19994.exe
        8⤵
        Executes dropped EXE
        
        PID:1512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 372
        8⤵
        Program crash
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-128.exe
        7⤵
        Executes dropped EXE
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14941.exe
        8⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 380
        7⤵
        Program crash
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44744.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28162.exe
        7⤵
        Executes dropped EXE
        
        PID:2276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 380
        7⤵
        Program crash
        
        PID:1180
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 380
        6⤵
        Program crash
        
        PID:2128
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 380
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36471.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2864
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 376
      4⤵
      Program crash
      PID:2760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51443.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51443.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40001.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64282.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11822.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22490.exe
        8⤵
        Executes dropped EXE
        
        PID:2044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 380
        8⤵
        Program crash
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41627.exe
        7⤵
        Executes dropped EXE
        
        PID:2008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 380
        7⤵
        Program crash
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6150.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61493.exe
        7⤵
        Executes dropped EXE
        
        PID:2992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 380
        7⤵
        Program crash
        
        PID:1504
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 380
        6⤵
        Program crash
        
        PID:1908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17037.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52440.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61493.exe
        7⤵
        Executes dropped EXE
        
        PID:1052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 380
        7⤵
        Program crash
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27211.exe
        6⤵
        
        PID:892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 348
        7⤵
        Program crash
        
        PID:3728
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 372
        6⤵
        Program crash
        
        PID:2332
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 368
        5⤵
        Program crash
        
        PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61329.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59207.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31779.exe
        6⤵
        Executes dropped EXE
        
        PID:1644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 384
        7⤵
        Program crash
        
        PID:3992
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 380
        6⤵
        Program crash
        
        PID:272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53138.exe
        5⤵
        Executes dropped EXE
        
        PID:1664
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 380
        5⤵
        Program crash
        
        PID:3184
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 376
      4⤵
      Program crash
      PID:1548
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 380
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2944
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58329.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58329.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37567.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37567.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56913.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64474.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35087.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31779.exe
        7⤵
        Executes dropped EXE
        
        PID:284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 380
        7⤵
        Program crash
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53138.exe
        6⤵
        Executes dropped EXE
        
        PID:2820
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 372
        6⤵
        Program crash
        
        PID:972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31749.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57627.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:784
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1164 -s 380
        6⤵
        Program crash
        
        PID:2752
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 376
        5⤵
        Program crash
        
        PID:2824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36440.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42871.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-943.exe
        6⤵
        Executes dropped EXE
        
        PID:1748
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 372
        6⤵
        Program crash
        
        PID:1680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46423.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47077.exe
        6⤵
        
        PID:1368
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 380
        6⤵
        Program crash
        
        PID:1904
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 380
        5⤵
        Program crash
        
        PID:1800
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 360
      4⤵
      Program crash
      PID:1784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53192.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53192.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15658.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4230.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11983.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47077.exe
        7⤵
        
        PID:3036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 372
        7⤵
        Program crash
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27211.exe
        6⤵
        
        PID:1472
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 372
        6⤵
        Program crash
        
        PID:1004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31806.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47077.exe
        6⤵
        
        PID:1104
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 380
        6⤵
        Program crash
        
        PID:1048
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 380
        5⤵
        Program crash
        
        PID:1820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31173.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56475.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:600
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 600 -s 380
        6⤵
        Program crash
        
        PID:3664
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 380
        5⤵
        Program crash
        
        PID:1940
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 368
      4⤵
      Program crash
      PID:2700
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 376
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2920
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 376
  2⤵
  - Program crash
  PID:1892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-37567.exe

Filesize
184KB

MD5
5fcaca758fdeb975e180db088cdf4c44

SHA1
db7a1de6ce1aae7df5ef01ca90b834eb7e081941

SHA256
68fb0adf15ac4492828a30b7ae976d4edf7bef47af091fb57108d420602bdecd

SHA512
6469c8ae3325fcdcf90a3a733c2817619caf31e0f445aab882a7546662be4d22ab8a9d614020f6b876f8b708196db27057e7cc6ee68bf96ce7bd81333c598d7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40001.exe

Filesize
184KB

MD5
753f827c34bb5587b6b632859cfc18a4

SHA1
59ca0932895358f6ed03d85b8bc7a03533238422

SHA256
ebb9dc8f19bbdfb429fa1f69bc491d42dd5148eb08d047dd0eaa273aa09bf96f

SHA512
59c127bed1fe1f28ee6e3294652f6bb53929ec0590e613640351b44e40f57c85a6e875408d0120cc771ad4eecd209be1da8b0a00cd0af7f576d830a149061586

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53192.exe

Filesize
184KB

MD5
763bc862bd06b16ad5db915fe726a260

SHA1
2c547e0cbfccf3d2e35271a4dff1e01c99f2bfe7

SHA256
846b4627b6c8a330e6a19ebb2359380368d8b94fd8135f860e0dde0adca58432

SHA512
429fcc3f8fe65a4dca3132ae184425ab3ffb214619e0b4e02ad4cf5f9ac5a63b9158ed08133edb0bed6e0dfe40a2fd05ddd7bf894b3e3380630d6270a00bab2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56913.exe

Filesize
184KB

MD5
1a3cbf8eeff48e1e8ccb63ff887ee98e

SHA1
e79a7695b9cf0a2deebeefa0db0d93ba0f1e8d7b

SHA256
accef64132c0c7f1500ff55830e3d9833ddfb0346d7c63eeb7ab34b868000d11

SHA512
84f06598987641f8632730ed4f000b4b8cf6a6b34436c4fbf9d3a24289c3d8ed65aaeb63ace63aa7b37e11f9c9c4951dcf1b1632593627d993ad0b5b418382bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58329.exe

Filesize
184KB

MD5
e0aabd81895d72fa542f590270fe692e

SHA1
49cb1490dce7d4d80e187da871d3c77496451ae4

SHA256
3bfe6eda902f0c407676732e4ca7f0cac8bf9847c990448807013f739cfdaecf

SHA512
49010511ade964b35a242ca606ba12b7d141edb7e4d2ee5de3dba80e8576c308267a8a835741c90ff717c179b9854900e14f9ca7dede98a52961f99165706c00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6440.exe

Filesize
64KB

MD5
3b684fa0713fa32450cce56c505b852d

SHA1
4daf5d792c1c008f23dfa2638c488d7c0ba7b11c

SHA256
a99c044cc46aed41a32cb7e971de9d8ba109449c7e7ae45cef54b1cf5b5aafb5

SHA512
ec4b700048c8901155d26e9a74ce2d1c486d18cef511ef4b9c411fecdd4a9daac6eaa59c9c645d413386f156666069ba795bd16bbd1fc4a01a85d1b2058b658b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14022.exe

Filesize
184KB

MD5
721bdba21067181fb38e97e51e03a364

SHA1
7ae9cc20ab3f0278f0059f82ac39ea0bf63f48f6

SHA256
6605fbdf1928dff8f810195138631473af6e8d53fccf1d48c7752768859b4568

SHA512
82a1d55a8099f2edac9090463cc4e8e82c574852dc750154999d23141c6321f0a7c8f6a4c61e1897f8fe629e6b88b30b6f22954b81011742ce47e814fca898dd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28994.exe

Filesize
184KB

MD5
4f59a253e3158c8754675d4978b5b350

SHA1
7b04129fa35f88e21c3b19883222174ace85156d

SHA256
34444ed1c38ecee8003f43b8a6fe1c024e65c12d74f8c19af32812f84302b187

SHA512
1864ae66d3a22b7d11d3c0b0563f615ba66f7c62dbd117c467b2e9e324547703cacf67d8539557610e6bb8ed4379ba684b464d0ff4c8c84637a25e90273eca4a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36471.exe

Filesize
184KB

MD5
655ac7369347f2d58754980b45b20b2f

SHA1
3cfe9ecb55ca5a2ced25dda0c7b1c148f13130ef

SHA256
c485fded75b7096f484573437f60706364b482d6b6ace25cb94400bb824b0797

SHA512
660c68b0b1df5c9648617226c9506fdc4e81b236d07095dfca0653c0cb0b573fabb6e036921cc20c840e98aba7a9249d54d644295b8fba7254ec066dea130bb1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51443.exe

Filesize
184KB

MD5
d95372c5fbcc2154145298a50d951551

SHA1
141084cca92c7467b860f35874d6f9a4399e8c40

SHA256
4af5c6c3a0d91661d49cf85f86a010e212f8358c834abc38bede357cbb0f2a4e

SHA512
b912717794688c54ae1689d70f1f5d8d01900d4164d9859e325adc789307f2b5cf73f0d64b2d4b54da84f1eab4d1d888b50d593e905d443756b4c355135cc87e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6440.exe

Filesize
184KB

MD5
177cb268eabd0051cefa966453fc49d9

SHA1
b1a36e332298d2f936c16ae732353140636b4156

SHA256
8b38e85adf5f0760aa005f40198350f8dfd80473bd56d1e42f393ea9f37e0895

SHA512
5a36430676fe502af9a8f13ae712cdd01b08eb3b2b8d4878d7741c6fcc3a0dcdc0024a0e842c398edc3b479a985bc957d1a7ce494281037b7ba5001bffff77e6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6440.exe

Filesize
152KB

MD5
eb28476a7ace752afe6ed7be8da74410

SHA1
7655aef87a3be7f55a2a4364d32a31c09587032a

SHA256
7fbf002203219e43f6472e49ad219874ac0c4733b26d7fee8ea5396a04bfda45

SHA512
6acda41d4c6408d7926e96623663e88fe9ad1ceef5cfd0e24f199dd2592b15297fe0579bf6d2970a08bc183e0e516bd646eb521d7d4b4dafb82c5c4ae4faa1d5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7136.exe

Filesize
184KB

MD5
debcb35a9253455e60326f8bcac261e4

SHA1
b44418f30da7626a5154166a4f5ecbc541372099

SHA256
4b8556d0f44acba50bb9e6608ba6734127119a98f4dd62979dfc9e8b4ad54258

SHA512
1e2ea70abb5d5a5d14d0626adb0c63c1bc8b009907e6f780ddf32d2666105b5add8292c7b06475da3cdbe64c3757dc57d16743c893c6a8f6319e6cf0f7e65a0b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads