7550b3966ff88405de43ee6089cb0d5c2a7cc9d970b16c8d94343995aa2bc9bf

Analysis

max time kernel
35s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/03/2024, 18:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c415d823c7a346ce626c0dd1630261b7.exe
Size

184KB
MD5

c415d823c7a346ce626c0dd1630261b7
SHA1

189fe76a860d7d23e921db59c2aadd1194c0fc7e
SHA256

7550b3966ff88405de43ee6089cb0d5c2a7cc9d970b16c8d94343995aa2bc9bf
SHA512

3a4ac5944c6edf776dfeaba438805bc6b40a35c4a872b45c4c31e2b89f9c1d455f8e482f1cced08000ad6a9dd5487d3ef9a43954e082abaa693d2eb523ff5212
SSDEEP

3072:a2DmoY/5fhA0ryjJdli0w8Fs25d6YDfhEcUx8KIkuNlPvpFB:a2KowO0r6do0w8TJfvNlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 38 IoCs

pid	Process
3068	Unicorn-60260.exe
2680	Unicorn-47754.exe
2688	Unicorn-1246.exe
2580	Unicorn-64173.exe
2112	Unicorn-42082.exe
324	Unicorn-26300.exe
1980	Unicorn-23691.exe
1992	Unicorn-42719.exe
1760	Unicorn-5216.exe
112	Unicorn-33587.exe
1312	Unicorn-3415.exe
2308	Unicorn-35533.exe
2140	Unicorn-32003.exe
2256	Unicorn-8890.exe
1172	Unicorn-2907.exe
1436	Unicorn-4853.exe
1688	Unicorn-60831.exe
1824	Unicorn-64168.exe
908	Unicorn-26596.exe
1020	Unicorn-55185.exe
344	Unicorn-40240.exe
1392	Unicorn-62798.exe
2244	Unicorn-15797.exe
1160	Unicorn-62305.exe
2424	Unicorn-65211.exe
2720	Unicorn-36431.exe
2552	Unicorn-24733.exe
2588	Unicorn-47313.exe
2400	Unicorn-8973.exe
816	Unicorn-18533.exe
296	Unicorn-30785.exe
1124	Unicorn-37561.exe
1076	Unicorn-12310.exe
620	Unicorn-24563.exe
1672	Unicorn-4697.exe
2484	Unicorn-64033.exe
2012	Unicorn-43098.exe
848	Unicorn-62964.exe

Loads dropped DLL 64 IoCs

pid	Process
2600	c415d823c7a346ce626c0dd1630261b7.exe
2600	c415d823c7a346ce626c0dd1630261b7.exe
3068	Unicorn-60260.exe
3068	Unicorn-60260.exe
2600	c415d823c7a346ce626c0dd1630261b7.exe
2600	c415d823c7a346ce626c0dd1630261b7.exe
2688	Unicorn-1246.exe
2688	Unicorn-1246.exe
2580	Unicorn-64173.exe
2580	Unicorn-64173.exe
2688	Unicorn-1246.exe
2688	Unicorn-1246.exe
564	WerFault.exe
564	WerFault.exe
564	WerFault.exe
564	WerFault.exe
564	WerFault.exe
564	WerFault.exe
564	WerFault.exe
564	WerFault.exe
564	WerFault.exe
2820	WerFault.exe
2820	WerFault.exe
2820	WerFault.exe
2820	WerFault.exe
2820	WerFault.exe
2820	WerFault.exe
2820	WerFault.exe
2820	WerFault.exe
2820	WerFault.exe
2112	Unicorn-42082.exe
2112	Unicorn-42082.exe
2580	Unicorn-64173.exe
2580	Unicorn-64173.exe
324	Unicorn-26300.exe
324	Unicorn-26300.exe
2744	WerFault.exe
2744	WerFault.exe
2744	WerFault.exe
2744	WerFault.exe
2744	WerFault.exe
2744	WerFault.exe
2744	WerFault.exe
2744	WerFault.exe
2744	WerFault.exe
1980	Unicorn-23691.exe
1980	Unicorn-23691.exe
2112	Unicorn-42082.exe
2112	Unicorn-42082.exe
1992	Unicorn-42719.exe
1992	Unicorn-42719.exe
324	Unicorn-26300.exe
324	Unicorn-26300.exe
1760	Unicorn-5216.exe
1760	Unicorn-5216.exe
2148	WerFault.exe
2148	WerFault.exe
2148	WerFault.exe
2148	WerFault.exe
2148	WerFault.exe
2148	WerFault.exe
2148	WerFault.exe
2148	WerFault.exe
400	WerFault.exe

Program crash 30 IoCs

pid	pid_target	Process	procid_target
2648	2600	WerFault.exe	27
564	2688	WerFault.exe	30
2820	3068	WerFault.exe	28
2744	2580	WerFault.exe	32
2148	2112	WerFault.exe	33
400	324	WerFault.exe	34
1352	1980	WerFault.exe	37
1368	1760	WerFault.exe	39
2524	1992	WerFault.exe	38
2804	112	WerFault.exe	41
1428	1312	WerFault.exe	42
1812	2256	WerFault.exe	45
1820	1392	WerFault.exe	55
2848	2308	WerFault.exe	43
860	1020	WerFault.exe	53
2360	344	WerFault.exe	54
2824	2400	WerFault.exe	67
2472	2140	WerFault.exe	44
2528	1172	WerFault.exe	48
2512	1824	WerFault.exe	51
1176	1436	WerFault.exe	49
1656	2720	WerFault.exe	64
1764	1688	WerFault.exe	50
1664	1124	WerFault.exe	69
2576	2588	WerFault.exe	66
1936	816	WerFault.exe	68
2980	908	WerFault.exe	52
3016	1160	WerFault.exe	58
2344	2552	WerFault.exe	65
2432	2244	WerFault.exe	59

Suspicious use of SetWindowsHookEx 31 IoCs

pid	Process
2600	c415d823c7a346ce626c0dd1630261b7.exe
3068	Unicorn-60260.exe
2680	Unicorn-47754.exe
2688	Unicorn-1246.exe
2580	Unicorn-64173.exe
324	Unicorn-26300.exe
2112	Unicorn-42082.exe
1980	Unicorn-23691.exe
1992	Unicorn-42719.exe
1760	Unicorn-5216.exe
112	Unicorn-33587.exe
1312	Unicorn-3415.exe
2308	Unicorn-35533.exe
2140	Unicorn-32003.exe
2256	Unicorn-8890.exe
1172	Unicorn-2907.exe
1436	Unicorn-4853.exe
1688	Unicorn-60831.exe
1824	Unicorn-64168.exe
1020	Unicorn-55185.exe
908	Unicorn-26596.exe
1392	Unicorn-62798.exe
344	Unicorn-40240.exe
2244	Unicorn-15797.exe
1160	Unicorn-62305.exe
2424	Unicorn-65211.exe
2720	Unicorn-36431.exe
2552	Unicorn-24733.exe
2588	Unicorn-47313.exe
2400	Unicorn-8973.exe
1124	Unicorn-37561.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2600 wrote to memory of 3068	2600	c415d823c7a346ce626c0dd1630261b7.exe	28
PID 2600 wrote to memory of 3068	2600	c415d823c7a346ce626c0dd1630261b7.exe	28
PID 2600 wrote to memory of 3068	2600	c415d823c7a346ce626c0dd1630261b7.exe	28
PID 2600 wrote to memory of 3068	2600	c415d823c7a346ce626c0dd1630261b7.exe	28
PID 3068 wrote to memory of 2680	3068	Unicorn-60260.exe	29
PID 3068 wrote to memory of 2680	3068	Unicorn-60260.exe	29
PID 3068 wrote to memory of 2680	3068	Unicorn-60260.exe	29
PID 3068 wrote to memory of 2680	3068	Unicorn-60260.exe	29
PID 2600 wrote to memory of 2688	2600	c415d823c7a346ce626c0dd1630261b7.exe	30
PID 2600 wrote to memory of 2688	2600	c415d823c7a346ce626c0dd1630261b7.exe	30
PID 2600 wrote to memory of 2688	2600	c415d823c7a346ce626c0dd1630261b7.exe	30
PID 2600 wrote to memory of 2688	2600	c415d823c7a346ce626c0dd1630261b7.exe	30
PID 2688 wrote to memory of 2580	2688	Unicorn-1246.exe	32
PID 2688 wrote to memory of 2580	2688	Unicorn-1246.exe	32
PID 2688 wrote to memory of 2580	2688	Unicorn-1246.exe	32
PID 2688 wrote to memory of 2580	2688	Unicorn-1246.exe	32
PID 2600 wrote to memory of 2648	2600	c415d823c7a346ce626c0dd1630261b7.exe	31
PID 2600 wrote to memory of 2648	2600	c415d823c7a346ce626c0dd1630261b7.exe	31
PID 2600 wrote to memory of 2648	2600	c415d823c7a346ce626c0dd1630261b7.exe	31
PID 2600 wrote to memory of 2648	2600	c415d823c7a346ce626c0dd1630261b7.exe	31
PID 2580 wrote to memory of 2112	2580	Unicorn-64173.exe	33
PID 2580 wrote to memory of 2112	2580	Unicorn-64173.exe	33
PID 2580 wrote to memory of 2112	2580	Unicorn-64173.exe	33
PID 2580 wrote to memory of 2112	2580	Unicorn-64173.exe	33
PID 2688 wrote to memory of 324	2688	Unicorn-1246.exe	34
PID 2688 wrote to memory of 324	2688	Unicorn-1246.exe	34
PID 2688 wrote to memory of 324	2688	Unicorn-1246.exe	34
PID 2688 wrote to memory of 324	2688	Unicorn-1246.exe	34
PID 2688 wrote to memory of 564	2688	Unicorn-1246.exe	35
PID 2688 wrote to memory of 564	2688	Unicorn-1246.exe	35
PID 2688 wrote to memory of 564	2688	Unicorn-1246.exe	35
PID 2688 wrote to memory of 564	2688	Unicorn-1246.exe	35
PID 3068 wrote to memory of 2820	3068	Unicorn-60260.exe	36
PID 3068 wrote to memory of 2820	3068	Unicorn-60260.exe	36
PID 3068 wrote to memory of 2820	3068	Unicorn-60260.exe	36
PID 3068 wrote to memory of 2820	3068	Unicorn-60260.exe	36
PID 2112 wrote to memory of 1980	2112	Unicorn-42082.exe	37
PID 2112 wrote to memory of 1980	2112	Unicorn-42082.exe	37
PID 2112 wrote to memory of 1980	2112	Unicorn-42082.exe	37
PID 2112 wrote to memory of 1980	2112	Unicorn-42082.exe	37
PID 2580 wrote to memory of 1992	2580	Unicorn-64173.exe	38
PID 2580 wrote to memory of 1992	2580	Unicorn-64173.exe	38
PID 2580 wrote to memory of 1992	2580	Unicorn-64173.exe	38
PID 2580 wrote to memory of 1992	2580	Unicorn-64173.exe	38
PID 324 wrote to memory of 1760	324	Unicorn-26300.exe	39
PID 324 wrote to memory of 1760	324	Unicorn-26300.exe	39
PID 324 wrote to memory of 1760	324	Unicorn-26300.exe	39
PID 324 wrote to memory of 1760	324	Unicorn-26300.exe	39
PID 2580 wrote to memory of 2744	2580	Unicorn-64173.exe	40
PID 2580 wrote to memory of 2744	2580	Unicorn-64173.exe	40
PID 2580 wrote to memory of 2744	2580	Unicorn-64173.exe	40
PID 2580 wrote to memory of 2744	2580	Unicorn-64173.exe	40
PID 1980 wrote to memory of 112	1980	Unicorn-23691.exe	41
PID 1980 wrote to memory of 112	1980	Unicorn-23691.exe	41
PID 1980 wrote to memory of 112	1980	Unicorn-23691.exe	41
PID 1980 wrote to memory of 112	1980	Unicorn-23691.exe	41
PID 2112 wrote to memory of 1312	2112	Unicorn-42082.exe	42
PID 2112 wrote to memory of 1312	2112	Unicorn-42082.exe	42
PID 2112 wrote to memory of 1312	2112	Unicorn-42082.exe	42
PID 2112 wrote to memory of 1312	2112	Unicorn-42082.exe	42
PID 1992 wrote to memory of 2308	1992	Unicorn-42719.exe	43
PID 1992 wrote to memory of 2308	1992	Unicorn-42719.exe	43
PID 1992 wrote to memory of 2308	1992	Unicorn-42719.exe	43
PID 1992 wrote to memory of 2308	1992	Unicorn-42719.exe	43

C:\Users\Admin\AppData\Local\Temp\c415d823c7a346ce626c0dd1630261b7.exe
"C:\Users\Admin\AppData\Local\Temp\c415d823c7a346ce626c0dd1630261b7.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60260.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60260.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47754.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47754.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2680
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 376
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2820
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1246.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1246.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64173.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64173.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42082.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23691.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33587.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2907.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62305.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64033.exe
        9⤵
        Executes dropped EXE
        
        PID:2484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 380
        9⤵
        Program crash
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43098.exe
        8⤵
        Executes dropped EXE
        
        PID:2012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 380
        8⤵
        Program crash
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15797.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
        8⤵
        Executes dropped EXE
        
        PID:848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 372
        8⤵
        Program crash
        
        PID:2432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 368
        7⤵
        Program crash
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60831.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65211.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50089.exe
        7⤵
        
        PID:1516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 380
        7⤵
        Program crash
        
        PID:1764
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 368
        6⤵
        Program crash
        
        PID:1352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3415.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4853.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36431.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35144.exe
        8⤵
        
        PID:2160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 372
        8⤵
        Program crash
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-888.exe
        7⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 372
        7⤵
        Program crash
        
        PID:1176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24733.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4417.exe
        7⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46860.exe
        8⤵
        
        PID:3436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 384
        7⤵
        Program crash
        
        PID:2344
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 368
        6⤵
        Program crash
        
        PID:1428
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 368
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42719.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35533.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64168.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47313.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46280.exe
        8⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 372
        8⤵
        Program crash
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38028.exe
        7⤵
        
        PID:1192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 380
        7⤵
        Program crash
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8973.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 380
        7⤵
        Program crash
        
        PID:2824
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 380
        6⤵
        Program crash
        
        PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26596.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24563.exe
        6⤵
        Executes dropped EXE
        
        PID:620
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 372
        6⤵
        Program crash
        
        PID:2980
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 376
        5⤵
        Program crash
        
        PID:2524
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 376
      4⤵
      Loads dropped DLL
      Program crash
      PID:2744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26300.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26300.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5216.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8890.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62798.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18533.exe
        7⤵
        Executes dropped EXE
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62588.exe
        8⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 372
        8⤵
        Program crash
        
        PID:1936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 380
        7⤵
        Program crash
        
        PID:1820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37561.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57894.exe
        7⤵
        
        PID:1552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 380
        7⤵
        Program crash
        
        PID:1664
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 384
        6⤵
        Program crash
        
        PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55185.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30785.exe
        6⤵
        Executes dropped EXE
        
        PID:296
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 380
        6⤵
        Program crash
        
        PID:860
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 376
        5⤵
        Program crash
        
        PID:1368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40240.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
        6⤵
        Executes dropped EXE
        
        PID:1076
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 380
        6⤵
        Program crash
        
        PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4697.exe
        5⤵
        Executes dropped EXE
        
        PID:1672
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 372
        5⤵
        Program crash
        
        PID:2472
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 368
      4⤵
      Loads dropped DLL
      Program crash
      PID:400
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 376
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:564
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 376
  2⤵
  - Program crash
  PID:2648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1246.exe

Filesize
128KB

MD5
78352994f54d8fedb462d950c4c54b51

SHA1
049b33bba743765e20f0e7adad9ceb5b06947eab

SHA256
53db7807a11dc2453dd4ca414c5ffcdf12b549ba6083966685152c89839a2cc0

SHA512
39e89fc72c235a905d0827ca469ba13c374ad0f3fef72be3be7edfa70e7967a44ff360694cb738898b5502a5a80f0269fc8e83ea512ad16e7070573ff5aeadf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26300.exe

Filesize
184KB

MD5
fc347a7bc6b553f9e3fa91244d55d036

SHA1
6fddc8dd87ad37352d4a8a51d136e0f0d7e709e6

SHA256
b8d2c547a1d39992810296adc398ca7443d7f6d5d4dcf52d96745015dca1a2d8

SHA512
31b2ba556976f486970b5c79b6f13e9b4d478ba034b8794750902d1d4cb60d22aa75d3f4fa08cd80698b15caa187c2b69afb0325c1785d2ed5258282690d491d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42719.exe

Filesize
184KB

MD5
5bcd085a7f5e4cc74a0c82e05a30181a

SHA1
085c6c4b58b5c41860d0b6b309d3bd7fde13d074

SHA256
64955a3d778d4b27575aab8a813fe26d2e55fe357ec9d8ba1e886b78ec7a16ae

SHA512
4687cd1603ea973dad779854210e9332fd08da2dbdf4d5f6689d84e5d8da6af246703782617771fd8eff11fc5b113d2931766fdd830ae5ec1e1c68c2589c63fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64173.exe

Filesize
184KB

MD5
8e3efbbfa600b52d6dd3ca701bbdf286

SHA1
d6fcc6fc8202b46ef309cda6171b1ce1ebfad10a

SHA256
b5271ae95a9a86cc05cba0b97c1ccda35888bf038fb6a08bf957e9b73e61ca72

SHA512
2bf8e546938577057ff4edf9c8bd8f0fe80683b6d82aff9035f14bc870270179c4161f0a072ee52165245b76a7b9028fab339e053b08de721ed6b2978eac5742

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1246.exe

Filesize
184KB

MD5
eee5a8ceb97fb1ed3c0d2e2cf96101f6

SHA1
81885f114faa3ad418029a8ef7fb5134e4e383f1

SHA256
b0a456cd267779110b4625108c98776fefb848ee45317dd46182a4f9c82a245f

SHA512
caf17263fbf572daf14f0919a663f7f4480001e74adc964808234686336a2cf3781107480fcb305cce54209543f8a7b742464a3973e16e1cd6f75e8ded3f1924

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23691.exe

Filesize
184KB

MD5
39914f25ee038c4f657b6dd3d6ee057a

SHA1
0782a0a0e14ce89cd5927503f0712357ba3d47a9

SHA256
9388ff76b3dc6922847f218d1594bcf5c6d269c8e6bd71efe242945e0ce2baf7

SHA512
3a38915e865204e3937743e673278f34003ba948891faf847f83e314d00e2b9062297414842191c6e7e95a1129f3df0d9814cfac5982fef86ae804999cd869a7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33587.exe

Filesize
184KB

MD5
1cead626a93a29f1ff9f6d58ef1c2b26

SHA1
3aa2796371fb6bffbfbf844981fa46a2a88e393b

SHA256
e1b444060725d2770107f39be0d4080c44b04b89ea7925539b8955b01fcd9962

SHA512
336fc6e23842a61de0f1c89eb2b60f09bbaeac66c3703efe6f5fa4d4e40387cfa02ff49519a9b8d730400c886a007ebed503c159fb294efe0fd42a4edd930be1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3415.exe

Filesize
184KB

MD5
fa404ba02500c31d323e38119c251e55

SHA1
7f6e3aaf1112127ae4e36808b49022dc841f69b4

SHA256
3e7fad0f1eebcfe2c374600c543dd3b61b023a35432e937d46abde762e02a168

SHA512
0b5e4db66562508ceee5a7472aa5f4ccb0f486a06a7469630fea7f16e9834ef58c21e7fbb88daea8a794ff1050196dea4dc51bb0aae207359f1b6f863008d1a8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42082.exe

Filesize
184KB

MD5
17c3e2f7dc8ae23a020a5b2be9e32be1

SHA1
6537f71fa590ba56f248a72bdf406698da8af413

SHA256
5390083ae8c61bdb070fb13aab997457d5c84c5748e875109326624c1e2295dc

SHA512
ff9317e9eb141eef2280bbfbf0f054760b087a4ab94ee744be09ee006ffc673b4a25c9065f8f0470f20193b3d77024b60fb9b279b9eae7edab59693741ee4f4b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47754.exe

Filesize
184KB

MD5
eeadab8ded583491c7775d8ca61e35ef

SHA1
09a707b7c8a96fef3d24c31e4582b4e35b464710

SHA256
8183241deef77aad2dbac416af577da5430a60242b33d10e4f8df59764c83efa

SHA512
db950e16134b49cd9cdb87b6142f695f739d8f2cd5f44b52cd52ff98901bfcf802792e748c603b89c6c25665d63c5d67ebb569b15b403c6c74001e0199a11b8e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5216.exe

Filesize
184KB

MD5
a9700f7f560d9828a1aa285b9ae4b9b2

SHA1
ea1a6d7fba82b58fd3b0462f10ca9582e2cf0ae8

SHA256
17087b4bd1db9c37337cf8bd1f6abc6b1c3bee23f809e81ed9a62b48ab4c639c

SHA512
1167e4596fc03b7a2dfff6f09f936449588ff373b8dbaf961c23a223906e6f039c5175d542faee1385e9d5eb30c2478b37f0209781c827618c4a0cf596f2002e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60260.exe

Filesize
184KB

MD5
ed449c7d5172fe447948f5ba6463e732

SHA1
d240820a029884b22cc7ec7ce313a9d7af2841e8

SHA256
59c4dc87489332b754752e3e68e178cff347baabcfa8602c02a5877b4dc82231

SHA512
05d2a2555d0e4f99696a3302565f4800d6408b482b2fa715ca79535c6d36c094b7597a60cbfa41fb61605e3f979c1f82e410fa99ad7bc92e4fea7948a0bf5b1d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads