420a31600c82c4e81b99bf399526d286cb8e903a7119ff65728dba88b0b822e9

Analysis

max time kernel
50s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29-01-2024 02:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7eb306741817a48e766832d88bec8e68.exe
Size

184KB
MD5

7eb306741817a48e766832d88bec8e68
SHA1

7b168a70538ae289db5857c0927301920366e802
SHA256

420a31600c82c4e81b99bf399526d286cb8e903a7119ff65728dba88b0b822e9
SHA512

0a61fe2a12f8591fb35b5086b5e3fe7f1b9b73aecc7579f0957b2effcacf4b6fc1f7199096efffcec4164781ca8f089bc5a6cb617a9c9788762fbb01c07c08f1
SSDEEP

3072:0dzvocRMq4AVseNlMzZ3JecFL194Mi10/znrxDJPYFylP6pFb:0dzo6ZVsYMRJecwS5aylP6pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 62 IoCs

pid	Process
2212	Unicorn-61736.exe
2044	Unicorn-62748.exe
2548	Unicorn-11087.exe
2080	Unicorn-6905.exe
2620	Unicorn-51700.exe
2572	Unicorn-6028.exe
1924	Unicorn-8218.exe
812	Unicorn-41083.exe
1940	Unicorn-21217.exe
1492	Unicorn-37361.exe
2264	Unicorn-46924.exe
2000	Unicorn-10530.exe
2136	Unicorn-46732.exe
796	Unicorn-10338.exe
1452	Unicorn-14936.exe
1060	Unicorn-34153.exe
2104	Unicorn-48813.exe
1500	Unicorn-12611.exe
1560	Unicorn-48621.exe
2376	Unicorn-7417.exe
916	Unicorn-39021.exe
2868	Unicorn-19155.exe
2156	Unicorn-38829.exe
3064	Unicorn-5772.exe
3016	Unicorn-52321.exe
908	Unicorn-3120.exe
1232	Unicorn-22270.exe
2656	Unicorn-38833.exe
2696	Unicorn-8237.exe
2628	Unicorn-57931.exe
2464	Unicorn-23998.exe
2916	Unicorn-56706.exe
2944	Unicorn-56706.exe
2760	Unicorn-60235.exe
1728	Unicorn-23649.exe
944	Unicorn-43515.exe
2712	Unicorn-27672.exe
1324	Unicorn-26219.exe
1736	Unicorn-6353.exe
1640	Unicorn-10759.exe
1212	Unicorn-40495.exe
2432	Unicorn-27173.exe
2424	Unicorn-13982.exe
1544	Unicorn-43811.exe
1676	Unicorn-63676.exe
1648	Unicorn-635.exe
2384	Unicorn-33308.exe
2972	Unicorn-29778.exe
800	Unicorn-12674.exe
956	Unicorn-18425.exe
1540	Unicorn-18425.exe
2660	Unicorn-13110.exe
2500	Unicorn-1647.exe
2668	Unicorn-47319.exe
1584	Unicorn-16557.exe
2488	Unicorn-29062.exe
2640	Unicorn-65264.exe
876	Unicorn-45399.exe
2232	Unicorn-48388.exe
2680	Unicorn-51917.exe
2756	Unicorn-25514.exe
1484	Unicorn-25806.exe

Loads dropped DLL 64 IoCs

pid	Process
2948	7eb306741817a48e766832d88bec8e68.exe
2948	7eb306741817a48e766832d88bec8e68.exe
2212	Unicorn-61736.exe
2212	Unicorn-61736.exe
2948	7eb306741817a48e766832d88bec8e68.exe
2948	7eb306741817a48e766832d88bec8e68.exe
2044	Unicorn-62748.exe
2548	Unicorn-11087.exe
2044	Unicorn-62748.exe
2548	Unicorn-11087.exe
2212	Unicorn-61736.exe
2212	Unicorn-61736.exe
2824	WerFault.exe
2824	WerFault.exe
2824	WerFault.exe
2824	WerFault.exe
2824	WerFault.exe
2824	WerFault.exe
2824	WerFault.exe
2572	Unicorn-6028.exe
2572	Unicorn-6028.exe
2620	Unicorn-51700.exe
2548	Unicorn-11087.exe
2620	Unicorn-51700.exe
2548	Unicorn-11087.exe
2748	WerFault.exe
2748	WerFault.exe
2748	WerFault.exe
2748	WerFault.exe
2044	Unicorn-62748.exe
2748	WerFault.exe
2044	Unicorn-62748.exe
2164	WerFault.exe
2164	WerFault.exe
2164	WerFault.exe
2164	WerFault.exe
2164	WerFault.exe
2164	WerFault.exe
2164	WerFault.exe
1552	WerFault.exe
1552	WerFault.exe
1552	WerFault.exe
1552	WerFault.exe
1552	WerFault.exe
1552	WerFault.exe
1552	WerFault.exe
1924	Unicorn-8218.exe
1924	Unicorn-8218.exe
2572	Unicorn-6028.exe
2572	Unicorn-6028.exe
812	Unicorn-41083.exe
812	Unicorn-41083.exe
2620	Unicorn-51700.exe
2620	Unicorn-51700.exe
1940	Unicorn-21217.exe
1940	Unicorn-21217.exe
1492	Unicorn-37361.exe
1492	Unicorn-37361.exe
1888	WerFault.exe
1888	WerFault.exe
1888	WerFault.exe
1888	WerFault.exe
1888	WerFault.exe
1888	WerFault.exe

Program crash 53 IoCs

pid	pid_target	Process	procid_target
2652	2948	WerFault.exe	1
2824	2212	WerFault.exe	28
2748	2080	WerFault.exe	32
2164	2044	WerFault.exe	29
1552	2548	WerFault.exe	30
1888	2572	WerFault.exe	33
1304	2620	WerFault.exe	34
2368	1560	WerFault.exe	53
1904	1924	WerFault.exe	36
1376	812	WerFault.exe	40
2584	1940	WerFault.exe	38
2580	1492	WerFault.exe	39
1964	2264	WerFault.exe	43
2928	2136	WerFault.exe	45
2912	1452	WerFault.exe	47
864	1060	WerFault.exe	48
2752	2104	WerFault.exe	51
1436	908	WerFault.exe	60
2540	1212	WerFault.exe	81
1208	2432	WerFault.exe	83
1992	796	WerFault.exe	46
1684	2628	WerFault.exe	69
2456	916	WerFault.exe	55
2484	1500	WerFault.exe	52
2816	2656	WerFault.exe	66
3104	2696	WerFault.exe	68
3128	2464	WerFault.exe	70
3120	1728	WerFault.exe	74
3156	2156	WerFault.exe	57
3196	2760	WerFault.exe	73
3188	2944	WerFault.exe	72
3204	2868	WerFault.exe	56
3180	944	WerFault.exe	75
3216	3064	WerFault.exe	58
3240	3016	WerFault.exe	59
3232	2000	WerFault.exe	44
3272	2376	WerFault.exe	54
3300	1736	WerFault.exe	77
3384	1232	WerFault.exe	64
3484	2712	WerFault.exe	76
3636	1640	WerFault.exe	79
3704	1324	WerFault.exe	78
3908	1544	WerFault.exe	87
1480	2640	WerFault.exe	95
3540	800	WerFault.exe	92
588	1540	WerFault.exe	94
2704	2232	WerFault.exe	102
3760	2680	WerFault.exe	104
1588	3952	WerFault.exe	136
3400	2488	WerFault.exe	97
1440	2384	WerFault.exe	91
3524	3676	WerFault.exe	138
2832	2668	WerFault.exe	100

Suspicious use of SetWindowsHookEx 48 IoCs

pid	Process
2948	7eb306741817a48e766832d88bec8e68.exe
2212	Unicorn-61736.exe
2044	Unicorn-62748.exe
2548	Unicorn-11087.exe
2572	Unicorn-6028.exe
2080	Unicorn-6905.exe
2620	Unicorn-51700.exe
1924	Unicorn-8218.exe
812	Unicorn-41083.exe
1940	Unicorn-21217.exe
1492	Unicorn-37361.exe
2264	Unicorn-46924.exe
2000	Unicorn-10530.exe
2136	Unicorn-46732.exe
796	Unicorn-10338.exe
1452	Unicorn-14936.exe
1060	Unicorn-34153.exe
2104	Unicorn-48813.exe
1500	Unicorn-12611.exe
1560	Unicorn-48621.exe
916	Unicorn-39021.exe
2376	Unicorn-7417.exe
2156	Unicorn-38829.exe
2868	Unicorn-19155.exe
3064	Unicorn-5772.exe
3016	Unicorn-52321.exe
908	Unicorn-3120.exe
1232	Unicorn-22270.exe
2656	Unicorn-38833.exe
2696	Unicorn-8237.exe
2628	Unicorn-57931.exe
2464	Unicorn-23998.exe
2944	Unicorn-56706.exe
2916	Unicorn-56706.exe
1728	Unicorn-23649.exe
944	Unicorn-43515.exe
2760	Unicorn-60235.exe
2712	Unicorn-27672.exe
1324	Unicorn-26219.exe
1736	Unicorn-6353.exe
1640	Unicorn-10759.exe
1212	Unicorn-40495.exe
2432	Unicorn-27173.exe
2424	Unicorn-13982.exe
800	Unicorn-12674.exe
876	Unicorn-45399.exe
1544	Unicorn-43811.exe
2384	Unicorn-33308.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2948 wrote to memory of 2212	2948	7eb306741817a48e766832d88bec8e68.exe	28
PID 2948 wrote to memory of 2212	2948	7eb306741817a48e766832d88bec8e68.exe	28
PID 2948 wrote to memory of 2212	2948	7eb306741817a48e766832d88bec8e68.exe	28
PID 2948 wrote to memory of 2212	2948	7eb306741817a48e766832d88bec8e68.exe	28
PID 2212 wrote to memory of 2044	2212	Unicorn-61736.exe	29
PID 2212 wrote to memory of 2044	2212	Unicorn-61736.exe	29
PID 2212 wrote to memory of 2044	2212	Unicorn-61736.exe	29
PID 2212 wrote to memory of 2044	2212	Unicorn-61736.exe	29
PID 2948 wrote to memory of 2548	2948	7eb306741817a48e766832d88bec8e68.exe	30
PID 2948 wrote to memory of 2548	2948	7eb306741817a48e766832d88bec8e68.exe	30
PID 2948 wrote to memory of 2548	2948	7eb306741817a48e766832d88bec8e68.exe	30
PID 2948 wrote to memory of 2548	2948	7eb306741817a48e766832d88bec8e68.exe	30
PID 2948 wrote to memory of 2652	2948	7eb306741817a48e766832d88bec8e68.exe	31
PID 2948 wrote to memory of 2652	2948	7eb306741817a48e766832d88bec8e68.exe	31
PID 2948 wrote to memory of 2652	2948	7eb306741817a48e766832d88bec8e68.exe	31
PID 2948 wrote to memory of 2652	2948	7eb306741817a48e766832d88bec8e68.exe	31
PID 2044 wrote to memory of 2080	2044	Unicorn-62748.exe	32
PID 2044 wrote to memory of 2080	2044	Unicorn-62748.exe	32
PID 2044 wrote to memory of 2080	2044	Unicorn-62748.exe	32
PID 2044 wrote to memory of 2080	2044	Unicorn-62748.exe	32
PID 2548 wrote to memory of 2572	2548	Unicorn-11087.exe	33
PID 2548 wrote to memory of 2572	2548	Unicorn-11087.exe	33
PID 2548 wrote to memory of 2572	2548	Unicorn-11087.exe	33
PID 2548 wrote to memory of 2572	2548	Unicorn-11087.exe	33
PID 2212 wrote to memory of 2620	2212	Unicorn-61736.exe	34
PID 2212 wrote to memory of 2620	2212	Unicorn-61736.exe	34
PID 2212 wrote to memory of 2620	2212	Unicorn-61736.exe	34
PID 2212 wrote to memory of 2620	2212	Unicorn-61736.exe	34
PID 2212 wrote to memory of 2824	2212	Unicorn-61736.exe	35
PID 2212 wrote to memory of 2824	2212	Unicorn-61736.exe	35
PID 2212 wrote to memory of 2824	2212	Unicorn-61736.exe	35
PID 2212 wrote to memory of 2824	2212	Unicorn-61736.exe	35
PID 2572 wrote to memory of 1924	2572	Unicorn-6028.exe	36
PID 2572 wrote to memory of 1924	2572	Unicorn-6028.exe	36
PID 2572 wrote to memory of 1924	2572	Unicorn-6028.exe	36
PID 2572 wrote to memory of 1924	2572	Unicorn-6028.exe	36
PID 2080 wrote to memory of 2748	2080	Unicorn-6905.exe	37
PID 2080 wrote to memory of 2748	2080	Unicorn-6905.exe	37
PID 2080 wrote to memory of 2748	2080	Unicorn-6905.exe	37
PID 2080 wrote to memory of 2748	2080	Unicorn-6905.exe	37
PID 2620 wrote to memory of 812	2620	Unicorn-51700.exe	40
PID 2620 wrote to memory of 812	2620	Unicorn-51700.exe	40
PID 2620 wrote to memory of 812	2620	Unicorn-51700.exe	40
PID 2620 wrote to memory of 812	2620	Unicorn-51700.exe	40
PID 2548 wrote to memory of 1940	2548	Unicorn-11087.exe	38
PID 2548 wrote to memory of 1940	2548	Unicorn-11087.exe	38
PID 2548 wrote to memory of 1940	2548	Unicorn-11087.exe	38
PID 2548 wrote to memory of 1940	2548	Unicorn-11087.exe	38
PID 2044 wrote to memory of 1492	2044	Unicorn-62748.exe	39
PID 2044 wrote to memory of 1492	2044	Unicorn-62748.exe	39
PID 2044 wrote to memory of 1492	2044	Unicorn-62748.exe	39
PID 2044 wrote to memory of 1492	2044	Unicorn-62748.exe	39
PID 2044 wrote to memory of 2164	2044	Unicorn-62748.exe	41
PID 2044 wrote to memory of 2164	2044	Unicorn-62748.exe	41
PID 2044 wrote to memory of 2164	2044	Unicorn-62748.exe	41
PID 2044 wrote to memory of 2164	2044	Unicorn-62748.exe	41
PID 2548 wrote to memory of 1552	2548	Unicorn-11087.exe	42
PID 2548 wrote to memory of 1552	2548	Unicorn-11087.exe	42
PID 2548 wrote to memory of 1552	2548	Unicorn-11087.exe	42
PID 2548 wrote to memory of 1552	2548	Unicorn-11087.exe	42
PID 1924 wrote to memory of 2264	1924	Unicorn-8218.exe	43
PID 1924 wrote to memory of 2264	1924	Unicorn-8218.exe	43
PID 1924 wrote to memory of 2264	1924	Unicorn-8218.exe	43
PID 1924 wrote to memory of 2264	1924	Unicorn-8218.exe	43

C:\Users\Admin\AppData\Local\Temp\7eb306741817a48e766832d88bec8e68.exe
"C:\Users\Admin\AppData\Local\Temp\7eb306741817a48e766832d88bec8e68.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2948
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61736.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61736.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62748.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62748.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6905.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2080
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 220
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37361.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34153.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5772.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60235.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16557.exe
        8⤵
        Executes dropped EXE
        
        PID:1584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 380
        8⤵
        Program crash
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45399.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 380
        7⤵
        Program crash
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23649.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18425.exe
        7⤵
        Executes dropped EXE
        
        PID:956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 380
        7⤵
        Program crash
        
        PID:3120
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 376
        6⤵
        Program crash
        
        PID:864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3120.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10759.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
        7⤵
        Executes dropped EXE
        
        PID:2500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 372
        7⤵
        Program crash
        
        PID:3636
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 380
        6⤵
        Program crash
        
        PID:1436
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 376
        5⤵
        Program crash
        
        PID:2580
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 380
      4⤵
      Loads dropped DLL
      Program crash
      PID:2164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51700.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51700.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41083.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46732.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7417.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57931.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-635.exe
        8⤵
        Executes dropped EXE
        
        PID:1648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 380
        8⤵
        Program crash
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29778.exe
        7⤵
        Executes dropped EXE
        
        PID:2972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 380
        7⤵
        Program crash
        
        PID:3272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56706.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65264.exe
        7⤵
        Executes dropped EXE
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49794.exe
        8⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24734.exe
        9⤵
        
        PID:3716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 380
        9⤵
        Program crash
        
        PID:1588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 380
        8⤵
        Program crash
        
        PID:1480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 380
        7⤵
        Program crash
        
        PID:3188
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 368
        6⤵
        Program crash
        
        PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19155.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43515.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18425.exe
        7⤵
        Executes dropped EXE
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34066.exe
        8⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 380
        9⤵
        Program crash
        
        PID:3524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 380
        8⤵
        Program crash
        
        PID:588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 380
        7⤵
        Program crash
        
        PID:3180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29062.exe
        6⤵
        Executes dropped EXE
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57126.exe
        7⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 380
        7⤵
        Program crash
        
        PID:3400
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 372
        6⤵
        Program crash
        
        PID:3204
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 380
        5⤵
        Program crash
        
        PID:1376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10338.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39021.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33308.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15422.exe
        8⤵
        
        PID:540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 360
        8⤵
        Program crash
        
        PID:1440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 380
        7⤵
        Program crash
        
        PID:3128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12674.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46826.exe
        7⤵
        
        PID:3212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 380
        7⤵
        Program crash
        
        PID:3540
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 372
        6⤵
        Program crash
        
        PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56706.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 372
        5⤵
        Program crash
        
        PID:1992
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 376
      4⤵
      Program crash
      PID:1304
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 376
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2824
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11087.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11087.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6028.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6028.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8218.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46924.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48813.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22270.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40495.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 380
        9⤵
        Program crash
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47319.exe
        8⤵
        Executes dropped EXE
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41603.exe
        9⤵
        
        PID:3424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 380
        9⤵
        Program crash
        
        PID:2832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 380
        8⤵
        Program crash
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27173.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 380
        8⤵
        Program crash
        
        PID:1208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 380
        7⤵
        Program crash
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38833.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63676.exe
        7⤵
        Executes dropped EXE
        
        PID:1676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 380
        7⤵
        Program crash
        
        PID:2816
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 376
        6⤵
        Program crash
        
        PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12611.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8237.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13982.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 372
        7⤵
        Program crash
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43811.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56045.exe
        7⤵
        
        PID:3652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 380
        7⤵
        Program crash
        
        PID:3908
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 372
        6⤵
        Program crash
        
        PID:2484
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 376
        5⤵
        Program crash
        
        PID:1904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10530.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48621.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 200
        6⤵
        Program crash
        
        PID:2368
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 380
        5⤵
        Program crash
        
        PID:3232
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 372
      4⤵
      Loads dropped DLL
      Program crash
      PID:1888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21217.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21217.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14936.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38829.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27672.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25514.exe
        7⤵
        Executes dropped EXE
        
        PID:2756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 380
        7⤵
        Program crash
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
        6⤵
        Executes dropped EXE
        
        PID:2660
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 384
        6⤵
        Program crash
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6353.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25806.exe
        6⤵
        Executes dropped EXE
        
        PID:1484
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 380
        6⤵
        Program crash
        
        PID:3300
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 368
        5⤵
        Program crash
        
        PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52321.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26219.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51917.exe
        6⤵
        Executes dropped EXE
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29487.exe
        7⤵
        
        PID:3224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 380
        7⤵
        Program crash
        
        PID:3760
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 380
        6⤵
        Program crash
        
        PID:3704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48388.exe
        5⤵
        Executes dropped EXE
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8448.exe
        6⤵
        
        PID:3808
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 380
        6⤵
        Program crash
        
        PID:2704
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 380
        5⤵
        Program crash
        
        PID:3240
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 368
      4⤵
      Program crash
      PID:2584
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 368
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1552
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 380
  2⤵
  - Program crash
  PID:2652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-21217.exe

Filesize
184KB

MD5
d597376e8796e9d5e03012a3481e2c91

SHA1
aea2704fffc05f31afd988299816747674bc1912

SHA256
7c0a7470719eae0e4f2a7407f87d0b7943f146e0e6cf68f1b57c650934b90241

SHA512
d2b7fe757b696e6b375a7b7ba4b38e6ab127d4cf53a62ff6bb1aa9fddadcd4149664fae1ce2227c29e6c352e919de9a929c95ecdc75d78776c24e51c30e8dc79

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37361.exe

Filesize
184KB

MD5
f4c2484815e09922db412ece12401bea

SHA1
74174f21a878ade66b40e6231e0fbb3f8fda3791

SHA256
38fe15958ffefd5e2c107938be1926dc134bef9507f2cb5ad66ec1dd9d63b81e

SHA512
479339a73e191c0f329a2ff6858e82499f8b9f7e4dbe35c304283656bcd309cb1f3aa2ea2a2b30d2572d4f9e279adaed2cbdb0f7c5443d5ce6701cc62d5a5ac2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51700.exe

Filesize
79KB

MD5
464aaf0ff9886a73105625d18fbd820e

SHA1
596aa93e0d16a429c5ced803fa36f2611846c07d

SHA256
2bb1f2618d95e20ef56fb46e50841d4091c787738c085c5e2498679c6cb86b8d

SHA512
8de573d636132c3d170f5b1bbf1f2197bfa57efdf65adbe94ffda686bf05ec59c428ff2d0faaa5be35cb0867ad99142758d521d200cdddcf532901e863890edd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51700.exe

Filesize
184KB

MD5
8b33ca9609db48c5c7b9f051625e7daa

SHA1
c58b666beb6469526a1b11bbb12b1fd5ff871a66

SHA256
191a207a64cca359fd369cd6affdecbdfabfac8c72751df8df9d378217c2f9f2

SHA512
994cbf1270063112fd1a6f00cd0ee4d6756aa336365b86e9c6aee678ad0c40db7dbd4926c19fcb4f6a673841261153541b8b9d169b5f48e447b5527feafea951

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5772.exe

Filesize
184KB

MD5
0226272d032bcfd17fd235e19b1277ed

SHA1
946c70ac3092c70a16301e444a34ec3d743c7775

SHA256
5dd90cece2afbc6cf2dc927735c8211092c4343d16f95ab8c71191bec05fbc68

SHA512
549d39e5df4a951fdc3dc89f0708300fa582583304e8fc0daa3b1cc9e1efa25af05d0dcbc09959c0b3a2549c7b25f08d79e58454dd96f5f46d1c93b10697c114

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6028.exe

Filesize
44KB

MD5
2a1b908b61ad73c230b3f27da5108924

SHA1
8140c2363480afd5f02e51f3d6092ec229118111

SHA256
ccb9a9c2d508b76a678fa7e54264719a0c2f493f171bb615f2b72726bec5faf3

SHA512
9e301aebb60b63974f65808b2e8f87060ff7d66a2b2c221cde75a45b7ec409d1bd6f54a6f43ba9ba52986b54a2a19a24eec01533ea4a66006a63c394aff982ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6028.exe

Filesize
62KB

MD5
bbd450e924fd7e36a6a803b85fa9c8fc

SHA1
0e06abd6d6335bab2a714e0a99634c89da63f843

SHA256
5929e781b5860d8cd6fad3a80be4c1e638b7b1cd150a2de5a7c0fb2b983e25f4

SHA512
d091bed432c2a4514db076fad22203262ee856634346ac2c4d9bd8e3e5974116a8c088964f08a33a405592a505d81f7ed31df255b63e968872bca774f9d7b337

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6028.exe

Filesize
184KB

MD5
e2626d9784ef6885a3cd2ea18247f528

SHA1
d174f60e1eff97417e5e38624af4df41445db96c

SHA256
7c0ad9bc94f0ec2d5d6f33a6152df9ce8699da1dd46bdc795838a99ebc6bd515

SHA512
57c948018e305970f4f3e6f6bf86338a7ad885226f46e76609bbc870f43396851b5123c3201dda79a73d86880b66a66732c8a413ff9804dbffde60a681cbe579

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6905.exe

Filesize
54KB

MD5
9cfd5a6f9f3af93c3b8e05132f863b47

SHA1
7837faabec5cac372f1de7a7c064e9c9d1ec9bd8

SHA256
54e002fa40b7a0363a6b09765af367e02472e5e627e5d9364a3ffdbfbdcf1b5c

SHA512
64118b62777df74d2d4ddb6f36017d11ee837f2c3830b09607c2167904817e79ec35f5c37b8521199a619390e6c9eaa0b47a8f076f65a6e23c88119495fff736

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8218.exe

Filesize
49KB

MD5
f73576478aeb8ba67f03162efc9f8f65

SHA1
b86fadcdcf979f8cb56b5193600e1a70e4039a2b

SHA256
cccb86be18423f60f09a19e86b79fae91dd9cc8f487489689ea7d5ee19576dd9

SHA512
783d498453daaceb7ee697fb8da1fc9eea64afae981e22e8c21f9b93acce6f4917cf007be8759b6a40c9d990c8eb5bfc69819766e2c34b0b2fdfbdaea11ff144

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11087.exe

Filesize
133KB

MD5
f065cb35853a3afc6c881725fb5bf300

SHA1
22f7045ef359f742801059144ac32ca493292900

SHA256
78e24fc9a8116ffaf5888eeb5d5a5b2cc38eef051163c94928bf344f9f75c7bf

SHA512
d2bf37098b0624443d87f7b20056f5dad6c1e5395644ad9c8d87289a69aee1538cbb803606094d4c35f7222ecc1bd83bf468f282dd8831ac5383c696889118f0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11087.exe

Filesize
126KB

MD5
a56396abe3560f862919fbedd89acd23

SHA1
fac885971003b906e13b7e6186ff1bdd989f071a

SHA256
43ee8a2372b71c457b7bd9654d7ff485f867d357541e8db150dc7e14116b1e63

SHA512
a845f26fa0794ff8527a2c36241ee8aafd8e22e7ba44b6ae6d68dbb5b440e8ef877144d9a6979453be9faef3fd2d406c354da8c4ca9c15879b20a3937d74a7b5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11087.exe

Filesize
128KB

MD5
85f02c4a98a1b892fb36e5b9cee6ced0

SHA1
3668bab6614ff083d4b22aa3b0d9c502f187218c

SHA256
c10f4364b6b9cc26a3ba6844f8001f3258830225c52514a0c2d13045e2260d68

SHA512
06b2509bc4c53cbdbede0429cb7ed368752604083f2b49ea2e8b7641f3a59baa6ff2bb8d036c7ee46814197d84589b6261089d7d3412ec2adc3179cd16640329

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11087.exe

Filesize
136KB

MD5
1de49a1020c23b6388424de1fd002bdb

SHA1
eceee9e86e95e17ea3a19af58d922c0d53ffd1eb

SHA256
ca3b5ae380faa06ea4ce2ad9698d366e26f591a7f5b1a1454dbe8719c9556e49

SHA512
8897f9fabae88c8aa0ad45d7b93222e7687606107af902d2f8bc57867defec19128c43a1653f25b15b6af8c35b24a8aa0e2f0947b1eb9c0fba90fee69bfcfb0f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11087.exe

Filesize
95KB

MD5
6f31314dcd94372b3935402cddd38df2

SHA1
7da8b02e7829d038bc5cbd50c8b273cfbc7c8ee0

SHA256
a2c083231b7a649644a29ab3570f1481a7bee1f2b70a15d7cd54fe1e676b3f77

SHA512
e9340a34ede6ac3abad88dfcd96cd24dcf068f9439c4d1e17d608c071304c9dd1dfa776452295b3aa08f788fc7ba8fd5444c246eea82fb48eb03fd68ca82f5e8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11087.exe

Filesize
81KB

MD5
b72211fab2d95d79861a7eb44ba4dd35

SHA1
a4912bc58b930b814a4bde1098cf839d3d4ff455

SHA256
2a977d19124642702954d47a5878eddd082ff31523dada99da834b2815f6ea3e

SHA512
6620e589e5742a0ef7213ee8a216a26a3a7fb8d437a4118d53c525b2495a3ec4b990eac3846f75bab7a21b1c5a9a80f5876ec4283a06be738bda4c75bfb61cfe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11087.exe

Filesize
77KB

MD5
6c5850b20d5125f0854966e8ebf31d36

SHA1
45c978a0ed0b35f6e88e66e04a7b7507ac29bba7

SHA256
8a984ce7179a09a0a7d30c4c4b78171de4276b07b13ac12bcb3efa7fd3fb5e56

SHA512
a0c42d23a637ab08ab7328e2fe5acfa0a1397ce8f346dd7b474f0584cfc441d471c05d9a37703504d28fc6412f223a83beb22d05f593316848a5806edb8f2b22

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11087.exe

Filesize
184KB

MD5
eded7209cd39c71f58f6ff27e08da3a0

SHA1
a1008f52f8ef71e7757166c08817620496489558

SHA256
d58821f466e56a78f62b0cde1543ae2e0e8ad4a3c5ec2f4c39526c599d0b4ebd

SHA512
5841b67044e91322d4e1a6f3b36878294ef848af5b8f2fb0876adfb0b69ae3e783e35c432d1a63a35726520396ae9321fef01a5702384e46d6d0a74ea53f0334

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41083.exe

Filesize
184KB

MD5
65c89f0d56475a6bec1325d561bc6a19

SHA1
b62dcbeef5c919853bd0a5818b523c5fa9fe4402

SHA256
9aa83664f002337cb8ea2af323034e04624b33ef2a60b49c0b118fdd1ee65a07

SHA512
f8d3e2d6ecb33061bbc62646de76f1ded8c2152b585e680bfcefc09e97505016f4993e20c0bcd0a4c946e78ea95441f5b37913bae7249ab2855c315aadc71a59

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46924.exe

Filesize
23KB

MD5
ff0cfe8f7a85607bce6a379483565db5

SHA1
6044dc3afa6a0bc75c71c3df5327054013e1a301

SHA256
9b55932f4515b9826556757a2890c6f3e194e2c9c7b1547f26a39b0ef456f890

SHA512
8346366d82318a4e328a795594d1bf4285f8056960730035b2d93c3198e946eb9082c1884d169f280c6ac2b3c08772085826c7689212f8b23c9a3402c32f0fa1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51700.exe

Filesize
157KB

MD5
662c0907398db846e97747e24d8dd631

SHA1
1afe061e2bbffc54ef7039c3767c1ce21dc38282

SHA256
e87b232c0f1b68b8d3c600fcf4490dc1262827fae59d38fdda049eed2b844a8c

SHA512
69d13c5f877276ad6dae455a82206cb4c9290844813d79390f90ade5b0d9dce9e667647316b05e4a3217664cf69066b57f3f5ec82e74912f2f701444d5821a02

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51700.exe

Filesize
86KB

MD5
0ae5cdb1f149c222d47b6852b3ea7d24

SHA1
ddc76462c2c146c74a477d177bb4dcc306b13729

SHA256
d77bddef5fe418d6d4e543293e7f3ea75d0e3b352d297126af4e83739bee27b2

SHA512
30121d207862a32964cc0508ce2c483f7610c8dabca7d0147638536325e6aefddb4b1536c98d80b39b6f0d938f464915b92723d22526fa0179a3531e2bcad615

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6028.exe

Filesize
65KB

MD5
aa7b44a0855a7b9bc4f46dc691804ee1

SHA1
14c961b35c895f0a0a34914fb5f09a6b7c1b6d1b

SHA256
d2276a23d7ed0b07f1423c15068325644813548edf66638144ae97f9406b3a8f

SHA512
0c3e1263f270b817784ac2b4054a2b30d2583644e395aebf18813649d8a696e7cb4cf9135e3071424f25382211051cc439fefdeaa482d4f3bfe76c36cf9c690c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6028.exe

Filesize
44KB

MD5
8731c27847bd292e09b9d14a9cdffa44

SHA1
2bf2f0709453200b2d746167d7e7a2dd5bf66b0d

SHA256
501152c48ab475ef85d6a139f898d058eea5d55c61b1cb413814cbbb55be78d9

SHA512
6c7859581f337a5b6920564452755232fa7dc8dd665fdf6945609e4e40dc60192ae91398f87af7f9ab6dd5f466e70deed8f29516c864abb472551d148409f42d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61736.exe

Filesize
184KB

MD5
319ccc3b9df1dc3cc2ef1a43b10f32c2

SHA1
634b9dba1b02bea8b55c657ca1474bf8d5ad1609

SHA256
071678a66a2b6c0c5109f49d3c0568d854ba1c63ecad299d195fe26f249a041e

SHA512
94bd72f6492860f349d9cc02328ba0732f1bebec2f483b96182f95ab145e5dd93da13f1231318b87a07e331a2f19280748e3b9c30eb6f11682476d3f50183d60

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62748.exe

Filesize
69KB

MD5
163ea9e2cfe6c7e2b9b7105e14c7a71a

SHA1
d8d24807821f29a7bce6e338f74aa753c153775d

SHA256
df22fd63ba5e78d3f572970622ac17c6a9ff9bd3fa10d6b486a1ae021314531d

SHA512
36f221c5b8651ac1071235d1bce9387908cdbcd9a4a2f3a4fb0bdda828e5d159ade547c648f77c7e5d13856ae5a4a4b953f51956bbcd2605d57fb72dc0b69721

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62748.exe

Filesize
184KB

MD5
50acd252428545cb195002ebb271fd60

SHA1
e9bccd292a26b918f46540809da1a73cea634e4f

SHA256
3d311d118c15a1f9f2c9fb52c0fe45911b37c6fb640b4eff13ea99c1ac24b0e9

SHA512
47598ef5ef8afc4eab774ebf85f09a01c431e5bfa4210300104f72202ae1ee9301bafbd8698d9044df55ce534230190e06fdeb3bd1b8a8f67ebb0f8c8be8fdbd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6905.exe

Filesize
184KB

MD5
4021579be20198efd722148f688457a6

SHA1
f916b0dbb52b76fd782492233c8534a6d905491f

SHA256
36086c9b915d1dff289034138b331ec4cfaeabaceceed9115cd3535c1de15a6a

SHA512
6ce6d9163af7f73f7e92fa7fc3f12c175a37ae3594f8db57855b238280e06c8ee561dda7e078a6ac6f0afd643370be6f1bbebd87e7a1f8673c0869fcd89ce8cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6905.exe

Filesize
58KB

MD5
bf9ff97409c29e01cf4dab3ce13a634e

SHA1
bb7309e29a9be97cdbd04fa5abc8857d143f0e7a

SHA256
c53c7c58725c84799a8fbbfe5698b64254af3058cfc8d00fa5d16af06e36b549

SHA512
51d044bd7bb62e19ce194ac762c1d0ed53174e26db955ebd03502983f36516d5509d531b2ee4315c605ac4df4929b3fc8eabac9969ee30aff5d2ae250b0c7f6e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8218.exe

Filesize
184KB

MD5
f77e026ff1746f2f811812944d36ab62

SHA1
2b1a5f183428ba1ada7b94ab6cb0ea06af0728d2

SHA256
9564641f276897146819bec5f1c6734ba82ea331b964d5284cc275cca7a686f4

SHA512
f8c209a49101b38297ed887dbec58f1b0b9f5ea5c2b873b47518c775cf6c49145179bfc416dda09d2cfe68d91e61bde7dee17b54b90e4650af559da58ada9fa1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads