a4da67c8dd8624e77eb75ddcd07eceeec3e26de4d9dbaa1eb9675a9f8a841d6a

Analysis

max time kernel
50s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-03-2024 20:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bcbf54fa40318687070b6008bead87ac.exe
Size

184KB
MD5

bcbf54fa40318687070b6008bead87ac
SHA1

64e251057caab8ae5946579354cb2fc1bd43d023
SHA256

a4da67c8dd8624e77eb75ddcd07eceeec3e26de4d9dbaa1eb9675a9f8a841d6a
SHA512

25c44ebc52ecb6868ba5c29774ecf9f0fe466d50af134b1a09b410e4decea7bde97ed05a89ea78117e49ac608902d0270c4ad5076abb3e6b33de23ac9188e8e4
SSDEEP

3072:/ZGSoz/5zhAp8yjidjizAZ7035764OfF+8Ex8HurbNlPvpFj:/ZLoROp8JdWzAZFNB2NlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 61 IoCs

pid	Process
2172	Unicorn-53528.exe
2620	Unicorn-61779.exe
3032	Unicorn-50082.exe
2536	Unicorn-24878.exe
2556	Unicorn-50150.exe
2456	Unicorn-54213.exe
592	Unicorn-39050.exe
920	Unicorn-41550.exe
2608	Unicorn-19507.exe
2828	Unicorn-23591.exe
2408	Unicorn-32313.exe
1216	Unicorn-16575.exe
2804	Unicorn-41633.exe
1156	Unicorn-44971.exe
2872	Unicorn-63445.exe
536	Unicorn-54462.exe
3056	Unicorn-12874.exe
2100	Unicorn-57991.exe
1264	Unicorn-52324.exe
2788	Unicorn-16658.exe
2272	Unicorn-41716.exe
2340	Unicorn-59444.exe
1224	Unicorn-47192.exe
812	Unicorn-7482.exe
892	Unicorn-55936.exe
2168	Unicorn-43684.exe
1720	Unicorn-7290.exe
2072	Unicorn-49714.exe
2092	Unicorn-45630.exe
1676	Unicorn-54353.exe
2860	Unicorn-5365.exe
2648	Unicorn-28478.exe
2432	Unicorn-28500.exe
1088	Unicorn-47851.exe
560	Unicorn-11649.exe
2808	Unicorn-29377.exe
2184	Unicorn-35407.exe
1708	Unicorn-64742.exe
2332	Unicorn-59252.exe
1416	Unicorn-62397.exe
2012	Unicorn-46061.exe
2844	Unicorn-26217.exe
2516	Unicorn-4213.exe
2252	Unicorn-24079.exe
1148	Unicorn-58889.exe
2120	Unicorn-63528.exe
2308	Unicorn-46445.exe
1176	Unicorn-26579.exe
1956	Unicorn-47021.exe
884	Unicorn-34577.exe
1412	Unicorn-24847.exe
2256	Unicorn-43876.exe
2524	Unicorn-22770.exe
1748	Unicorn-42636.exe
2652	Unicorn-26300.exe
2228	Unicorn-17940.exe
1960	Unicorn-65002.exe
1928	Unicorn-14410.exe
1556	Unicorn-35790.exe
2460	Unicorn-55656.exe
1092	Unicorn-5277.exe

Loads dropped DLL 64 IoCs

pid	Process
1768	bcbf54fa40318687070b6008bead87ac.exe
1768	bcbf54fa40318687070b6008bead87ac.exe
2172	Unicorn-53528.exe
2172	Unicorn-53528.exe
1768	bcbf54fa40318687070b6008bead87ac.exe
1768	bcbf54fa40318687070b6008bead87ac.exe
2620	Unicorn-61779.exe
2172	Unicorn-53528.exe
2620	Unicorn-61779.exe
2172	Unicorn-53528.exe
3032	Unicorn-50082.exe
3032	Unicorn-50082.exe
2944	WerFault.exe
2944	WerFault.exe
2944	WerFault.exe
2944	WerFault.exe
2944	WerFault.exe
2944	WerFault.exe
2944	WerFault.exe
2944	WerFault.exe
2944	WerFault.exe
2536	Unicorn-24878.exe
2536	Unicorn-24878.exe
2620	Unicorn-61779.exe
2620	Unicorn-61779.exe
2456	Unicorn-54213.exe
2556	Unicorn-50150.exe
2456	Unicorn-54213.exe
2556	Unicorn-50150.exe
3032	Unicorn-50082.exe
3032	Unicorn-50082.exe
844	WerFault.exe
844	WerFault.exe
844	WerFault.exe
844	WerFault.exe
844	WerFault.exe
844	WerFault.exe
844	WerFault.exe
844	WerFault.exe
1772	WerFault.exe
1772	WerFault.exe
1772	WerFault.exe
1772	WerFault.exe
1772	WerFault.exe
1772	WerFault.exe
1772	WerFault.exe
1772	WerFault.exe
1772	WerFault.exe
844	WerFault.exe
592	Unicorn-39050.exe
592	Unicorn-39050.exe
2536	Unicorn-24878.exe
2536	Unicorn-24878.exe
920	Unicorn-41550.exe
920	Unicorn-41550.exe
2608	Unicorn-19507.exe
2608	Unicorn-19507.exe
2456	Unicorn-54213.exe
2456	Unicorn-54213.exe
2408	Unicorn-32313.exe
2408	Unicorn-32313.exe
2828	Unicorn-23591.exe
2828	Unicorn-23591.exe
2556	Unicorn-50150.exe

Program crash 43 IoCs

pid	pid_target	Process	procid_target
2576	1768	WerFault.exe	27
2944	2172	WerFault.exe	28
844	2620	WerFault.exe	29
1772	3032	WerFault.exe	30
1680	2536	WerFault.exe	32
820	2456	WerFault.exe	33
1108	2556	WerFault.exe	34
2636	592	WerFault.exe	36
2476	920	WerFault.exe	37
2948	2408	WerFault.exe	40
2180	2828	WerFault.exe	39
2064	1216	WerFault.exe	43
1776	1156	WerFault.exe	45
2040	2804	WerFault.exe	44
2568	2608	WerFault.exe	38
2668	3056	WerFault.exe	48
612	2072	WerFault.exe	63
2684	536	WerFault.exe	47
2148	2092	WerFault.exe	62
3100	2648	WerFault.exe	67
3092	2860	WerFault.exe	66
3116	1088	WerFault.exe	72
3080	2272	WerFault.exe	55
1512	2432	WerFault.exe	69
1028	1720	WerFault.exe	61
3168	2516	WerFault.exe	81
3156	2168	WerFault.exe	60
3144	892	WerFault.exe	59
3136	560	WerFault.exe	73
3128	1676	WerFault.exe	64
3196	2100	WerFault.exe	49
3232	1148	WerFault.exe	83
3224	1224	WerFault.exe	57
3216	2788	WerFault.exe	54
3208	2332	WerFault.exe	77
3308	2184	WerFault.exe	75
3392	812	WerFault.exe	58
3480	1264	WerFault.exe	50
3600	2340	WerFault.exe	56
3612	2256	WerFault.exe	93
3676	1956	WerFault.exe	89
848	2120	WerFault.exe	85
3772	1748	WerFault.exe	95

Suspicious use of SetWindowsHookEx 58 IoCs

pid	Process
1768	bcbf54fa40318687070b6008bead87ac.exe
2172	Unicorn-53528.exe
2620	Unicorn-61779.exe
3032	Unicorn-50082.exe
2536	Unicorn-24878.exe
2456	Unicorn-54213.exe
2556	Unicorn-50150.exe
592	Unicorn-39050.exe
920	Unicorn-41550.exe
2608	Unicorn-19507.exe
2828	Unicorn-23591.exe
2408	Unicorn-32313.exe
1216	Unicorn-16575.exe
2804	Unicorn-41633.exe
1156	Unicorn-44971.exe
2872	Unicorn-63445.exe
536	Unicorn-54462.exe
3056	Unicorn-12874.exe
2100	Unicorn-57991.exe
1264	Unicorn-52324.exe
2788	Unicorn-16658.exe
2272	Unicorn-41716.exe
2340	Unicorn-59444.exe
1224	Unicorn-47192.exe
892	Unicorn-55936.exe
812	Unicorn-7482.exe
2092	Unicorn-45630.exe
2168	Unicorn-43684.exe
1676	Unicorn-54353.exe
1720	Unicorn-7290.exe
2072	Unicorn-49714.exe
2860	Unicorn-5365.exe
2432	Unicorn-28500.exe
2648	Unicorn-28478.exe
2332	Unicorn-59252.exe
560	Unicorn-11649.exe
1088	Unicorn-47851.exe
2184	Unicorn-35407.exe
2808	Unicorn-29377.exe
1708	Unicorn-64742.exe
1416	Unicorn-62397.exe
2012	Unicorn-46061.exe
2516	Unicorn-4213.exe
1148	Unicorn-58889.exe
2252	Unicorn-24079.exe
2844	Unicorn-26217.exe
1176	Unicorn-26579.exe
2120	Unicorn-63528.exe
2308	Unicorn-46445.exe
1956	Unicorn-47021.exe
884	Unicorn-34577.exe
2256	Unicorn-43876.exe
1748	Unicorn-42636.exe
2652	Unicorn-26300.exe
1412	Unicorn-24847.exe
2228	Unicorn-17940.exe
1960	Unicorn-65002.exe
2460	Unicorn-55656.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1768 wrote to memory of 2172	1768	bcbf54fa40318687070b6008bead87ac.exe	28
PID 1768 wrote to memory of 2172	1768	bcbf54fa40318687070b6008bead87ac.exe	28
PID 1768 wrote to memory of 2172	1768	bcbf54fa40318687070b6008bead87ac.exe	28
PID 1768 wrote to memory of 2172	1768	bcbf54fa40318687070b6008bead87ac.exe	28
PID 2172 wrote to memory of 2620	2172	Unicorn-53528.exe	29
PID 2172 wrote to memory of 2620	2172	Unicorn-53528.exe	29
PID 2172 wrote to memory of 2620	2172	Unicorn-53528.exe	29
PID 2172 wrote to memory of 2620	2172	Unicorn-53528.exe	29
PID 1768 wrote to memory of 3032	1768	bcbf54fa40318687070b6008bead87ac.exe	30
PID 1768 wrote to memory of 3032	1768	bcbf54fa40318687070b6008bead87ac.exe	30
PID 1768 wrote to memory of 3032	1768	bcbf54fa40318687070b6008bead87ac.exe	30
PID 1768 wrote to memory of 3032	1768	bcbf54fa40318687070b6008bead87ac.exe	30
PID 1768 wrote to memory of 2576	1768	bcbf54fa40318687070b6008bead87ac.exe	31
PID 1768 wrote to memory of 2576	1768	bcbf54fa40318687070b6008bead87ac.exe	31
PID 1768 wrote to memory of 2576	1768	bcbf54fa40318687070b6008bead87ac.exe	31
PID 1768 wrote to memory of 2576	1768	bcbf54fa40318687070b6008bead87ac.exe	31
PID 2620 wrote to memory of 2536	2620	Unicorn-61779.exe	32
PID 2620 wrote to memory of 2536	2620	Unicorn-61779.exe	32
PID 2620 wrote to memory of 2536	2620	Unicorn-61779.exe	32
PID 2620 wrote to memory of 2536	2620	Unicorn-61779.exe	32
PID 2172 wrote to memory of 2456	2172	Unicorn-53528.exe	33
PID 2172 wrote to memory of 2456	2172	Unicorn-53528.exe	33
PID 2172 wrote to memory of 2456	2172	Unicorn-53528.exe	33
PID 2172 wrote to memory of 2456	2172	Unicorn-53528.exe	33
PID 3032 wrote to memory of 2556	3032	Unicorn-50082.exe	34
PID 3032 wrote to memory of 2556	3032	Unicorn-50082.exe	34
PID 3032 wrote to memory of 2556	3032	Unicorn-50082.exe	34
PID 3032 wrote to memory of 2556	3032	Unicorn-50082.exe	34
PID 2172 wrote to memory of 2944	2172	Unicorn-53528.exe	35
PID 2172 wrote to memory of 2944	2172	Unicorn-53528.exe	35
PID 2172 wrote to memory of 2944	2172	Unicorn-53528.exe	35
PID 2172 wrote to memory of 2944	2172	Unicorn-53528.exe	35
PID 2536 wrote to memory of 592	2536	Unicorn-24878.exe	36
PID 2536 wrote to memory of 592	2536	Unicorn-24878.exe	36
PID 2536 wrote to memory of 592	2536	Unicorn-24878.exe	36
PID 2536 wrote to memory of 592	2536	Unicorn-24878.exe	36
PID 2620 wrote to memory of 920	2620	Unicorn-61779.exe	37
PID 2620 wrote to memory of 920	2620	Unicorn-61779.exe	37
PID 2620 wrote to memory of 920	2620	Unicorn-61779.exe	37
PID 2620 wrote to memory of 920	2620	Unicorn-61779.exe	37
PID 2456 wrote to memory of 2608	2456	Unicorn-54213.exe	38
PID 2456 wrote to memory of 2608	2456	Unicorn-54213.exe	38
PID 2456 wrote to memory of 2608	2456	Unicorn-54213.exe	38
PID 2456 wrote to memory of 2608	2456	Unicorn-54213.exe	38
PID 2556 wrote to memory of 2828	2556	Unicorn-50150.exe	39
PID 2556 wrote to memory of 2828	2556	Unicorn-50150.exe	39
PID 2556 wrote to memory of 2828	2556	Unicorn-50150.exe	39
PID 2556 wrote to memory of 2828	2556	Unicorn-50150.exe	39
PID 3032 wrote to memory of 2408	3032	Unicorn-50082.exe	40
PID 3032 wrote to memory of 2408	3032	Unicorn-50082.exe	40
PID 3032 wrote to memory of 2408	3032	Unicorn-50082.exe	40
PID 3032 wrote to memory of 2408	3032	Unicorn-50082.exe	40
PID 2620 wrote to memory of 844	2620	Unicorn-61779.exe	41
PID 2620 wrote to memory of 844	2620	Unicorn-61779.exe	41
PID 2620 wrote to memory of 844	2620	Unicorn-61779.exe	41
PID 2620 wrote to memory of 844	2620	Unicorn-61779.exe	41
PID 3032 wrote to memory of 1772	3032	Unicorn-50082.exe	42
PID 3032 wrote to memory of 1772	3032	Unicorn-50082.exe	42
PID 3032 wrote to memory of 1772	3032	Unicorn-50082.exe	42
PID 3032 wrote to memory of 1772	3032	Unicorn-50082.exe	42
PID 592 wrote to memory of 1216	592	Unicorn-39050.exe	43
PID 592 wrote to memory of 1216	592	Unicorn-39050.exe	43
PID 592 wrote to memory of 1216	592	Unicorn-39050.exe	43
PID 592 wrote to memory of 1216	592	Unicorn-39050.exe	43

C:\Users\Admin\AppData\Local\Temp\bcbf54fa40318687070b6008bead87ac.exe
"C:\Users\Admin\AppData\Local\Temp\bcbf54fa40318687070b6008bead87ac.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53528.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53528.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61779.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61779.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24878.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39050.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16575.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16658.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5365.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24847.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 380
        9⤵
        Program crash
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22770.exe
        8⤵
        Executes dropped EXE
        
        PID:2524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 380
        8⤵
        Program crash
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28478.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47021.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15059.exe
        9⤵
        
        PID:3268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 384
        9⤵
        Program crash
        
        PID:3676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 380
        8⤵
        Program crash
        
        PID:3100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 376
        7⤵
        Program crash
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41716.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28500.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34577.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 380
        8⤵
        Program crash
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43876.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 380
        8⤵
        Program crash
        
        PID:3612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 380
        7⤵
        Program crash
        
        PID:3080
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 376
        6⤵
        Program crash
        
        PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41633.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59444.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29377.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 384
        7⤵
        Program crash
        
        PID:3600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59252.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17940.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 372
        7⤵
        Program crash
        
        PID:3208
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 376
        6⤵
        Program crash
        
        PID:2040
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 368
        5⤵
        Program crash
        
        PID:1680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41550.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44971.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47192.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47851.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26300.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 380
        8⤵
        Program crash
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14410.exe
        7⤵
        Executes dropped EXE
        
        PID:1928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 372
        7⤵
        Program crash
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11649.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42636.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 380
        8⤵
        Program crash
        
        PID:3772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 372
        7⤵
        Program crash
        
        PID:3136
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 376
        6⤵
        Program crash
        
        PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7482.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46061.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 380
        6⤵
        Program crash
        
        PID:3392
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 380
        5⤵
        Program crash
        
        PID:2476
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 380
      4⤵
      Loads dropped DLL
      Program crash
      PID:844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54213.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54213.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19507.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63445.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 376
        5⤵
        Program crash
        
        PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54462.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55936.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35407.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65002.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 380
        7⤵
        Program crash
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35790.exe
        6⤵
        Executes dropped EXE
        
        PID:1556
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 380
        6⤵
        Program crash
        
        PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64742.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 372
        5⤵
        Program crash
        
        PID:2684
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 372
      4⤵
      Program crash
      PID:820
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 376
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2944
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50082.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50082.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50150.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50150.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23591.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57991.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49714.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58889.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5277.exe
        8⤵
        Executes dropped EXE
        
        PID:1092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 380
        8⤵
        Program crash
        
        PID:3232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 372
        7⤵
        Program crash
        
        PID:612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63528.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30709.exe
        7⤵
        
        PID:4012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 380
        7⤵
        Program crash
        
        PID:848
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 372
        6⤵
        Program crash
        
        PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54353.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46445.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 380
        6⤵
        Program crash
        
        PID:3128
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 376
        5⤵
        Program crash
        
        PID:2180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52324.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45630.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24079.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 380
        6⤵
        Program crash
        
        PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26579.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1176
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 384
        5⤵
        Program crash
        
        PID:3480
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 368
      4⤵
      Program crash
      PID:1108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32313.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32313.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12874.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26217.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 380
        6⤵
        Program crash
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4213.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55656.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 372
        6⤵
        Program crash
        
        PID:3168
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 376
        5⤵
        Program crash
        
        PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7290.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62397.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1416
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 380
        5⤵
        Program crash
        
        PID:1028
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 368
      4⤵
      Program crash
      PID:2948
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 368
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1772
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 380
  2⤵
  - Program crash
  PID:2576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\Unicorn-19507.exe

Filesize
184KB

MD5
d16747c62e996b33a866d00fb5e8c6ae

SHA1
b120a17555c9791dfcf59e144770ad8ac4ed3d69

SHA256
591c55338380b85147a3af99a6fa0ae73d4cf7464d616337be8f9eed23f5c946

SHA512
bd84ad24279d5d48efe1fc570da15471ea8ecfc5a51bc0726cd961a4ebb5b9c485ecd3d8c36069d298ff0260c5b215e05340b9a82d7d4099b8cb9127be0c89c5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23591.exe

Filesize
184KB

MD5
3355f0b529e88d8e96ab72512ab46869

SHA1
4ae6a51fd0af2258e986a39c1026884c3b83ad03

SHA256
4d773cf2911a411916c006bac73718e08aa86fb46a0ccddc6fc01b23d6073ffa

SHA512
75877b224572eb0704d86b33707b85563d47ca18d24a5abcdf8dc35fce6d95f8469df2262d727a8bb44ad4c9b2ff3880ddf995c72605b3b1400a6683bd76874b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24878.exe

Filesize
184KB

MD5
9d1922fdebc39408fae80d5ec17e976f

SHA1
4cfcc947e2bb3c605ad97994bd07efe1fdcbae21

SHA256
1862b9230467ccaa1e8af0ea5ee9f2798ce2223ebf2e3c04907f5b30049fd6bd

SHA512
f704d51944ea5f85cb466df8fa8eae9c1d9d74565d35e42234ea8a83a7ea0912bb7a3edb08ddc619af02c30fcb3b527f54efa37753bcef72da4ed506249373fa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32313.exe

Filesize
184KB

MD5
c5bedabc3c2d78d9ec002359c3670aa4

SHA1
38c03b20dd6b416bb1bbb381afc03b11cb15acc0

SHA256
fcbb938e06202dff320a4e72e1415ec3d2c37e0cdfcf866f17fd1c418573a63c

SHA512
a1c6a38d02b0b0fa31a46f1b2069a9aa8136abbb626777d69f8bb0e969579dbe659c0321910d08ee07603fb241ee923b0604f2c2e09e3687e5668a45c6455d71

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39050.exe

Filesize
184KB

MD5
47743fd8e60b402c48a3fc1c8b3b5c50

SHA1
af92fa295edd83941ad5c7c6327abf25984b9b82

SHA256
af20309df28ff0c438e7096094f5fbb519ab7de4abefd5ad5f8a71ca89c35c9c

SHA512
83e1457245a50bf0256eb6ba36970d9ba8d212d3a7d9454e2f061b451590789a0115a82e53612638ce24b76cef15ec0b1cf1cd53eaeb38d39aa4b50168db11a8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41550.exe

Filesize
184KB

MD5
db70b13b00f88a99a10a9c01add4323a

SHA1
3ff4e03e4bb995333031bd8c1497a2944002c34e

SHA256
07ca83305701ef8149078857cc495d6c9952ab99eb3670cb102d5390077ee4a3

SHA512
706edd5baebc017d34a99a2cd7cd886ef8ac5c71e1aa7f0d92529de656256a553879b33a45e93f7e724fbdbd1060ab8d9dc047e3ecc1378050d2d952eed14867

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50082.exe

Filesize
184KB

MD5
1e8a69f5eba29b92e77fcf4db205acc2

SHA1
d67cb4dc93bceca890b64087c5b4074aa0cef9fe

SHA256
9b3bcf5d3dbc389b615c48c3cf17b1ab064cfd42d90c3e165fafbea0ab517d45

SHA512
958c083a34b00f72161d4a1a398dca88fbdc4ace987eb2940e9b15d2474f0d6c00fd48c24396fc07617fe265b3a6d58d9f3204da316f3e3aa28bf8639ad9d4d2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50150.exe

Filesize
184KB

MD5
ad444f39c749217283b2218946a8da51

SHA1
a77164e1b3e454aca59bb3b9359afa18a6739d8d

SHA256
824626409dc79fcd39030487351f80a5471ed313ee9217288a508dfa0c643935

SHA512
617661744404281014be9a7b3ebe900296c35dd81f10b528f991e2433f7436e337253e291144ca4fea55d55738c6fd65e51663b4319fde81beb78fd1347ed38d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53528.exe

Filesize
184KB

MD5
484a1a558ceaf256b6c86f96ba308d60

SHA1
2acb87a1e7f5397e42ce0487447bde983617513f

SHA256
33fbcb551fc2569645ba6203754d0307e5265f15c2a1a6bfb3018bafa8271a2f

SHA512
6e18e40b940dc04dee2d2ebecb77b4a2f7704ad1cbbe7b305fcf4ad7c8b15f210255869e349a3ebd7a4ad80a87bb91e5e4a70609fe2fdf948434c2f98161a63a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54213.exe

Filesize
184KB

MD5
c474baa773b8eed67ec0af5d9fb8c140

SHA1
6a61d40a2b8f65f62eee1d562b065e11c810c028

SHA256
4fe666e185b077985fed5c5946f252a5eb65c2264c0b92855461fc724d4feb7c

SHA512
942fd5b6aa297c3c71bf62cc061504b19a0fa14a2f1630c0dd91dfe48e3e219b4720c121fce162533569ea423f65437f00849edeca4d9dd195f4b4369079809d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61779.exe

Filesize
184KB

MD5
a79826e6ebcd475cb22cf14d26ccb1c0

SHA1
73e89c6c2d74b2ddac529d8bdc00e492539a25b9

SHA256
492398008583582913ae6c2bfe9fccc7eda8ffb27a18e6c9ff08601b384655c8

SHA512
32604e5449d3b41fdfa6c9217f7d1116f4497ef1049093b5799913ddd6edeb4beeb9d780b2e21121a08e4aedda501d5cde2f878e2b0aeb38483678e3e6cd1dac

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads