0f9dde37bfa48445f572f336df7d169da1364617a687e57460ca96a4f8717788

Analysis

max time kernel
69s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
09/04/2024, 03:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e9176b088f9a79e9f41a8a30f89475ad_JaffaCakes118.exe
Size

184KB
MD5

e9176b088f9a79e9f41a8a30f89475ad
SHA1

381e40aef3bc0617fc1cfea82644c45711fa3fd3
SHA256

0f9dde37bfa48445f572f336df7d169da1364617a687e57460ca96a4f8717788
SHA512

70483c0e45512366decb46f4f710e8ce2f9cdf01bf7565058ec95cb029067aefd1cd6d775c35e3803fdbe73ec8fb8b8d7f22a32355cc09522a65332c9963a272
SSDEEP

3072:aZ7Boz/bz+A6ryjbVviUAZFH3Hk64AaFuvEx8/gCSNlPvpFU:aZlorz6r8VaUAZda6KNlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 25 IoCs

pid	Process
2100	Unicorn-19677.exe
2640	Unicorn-13397.exe
2600	Unicorn-29084.exe
1968	Unicorn-22673.exe
2472	Unicorn-59067.exe
1716	Unicorn-52596.exe
2248	Unicorn-36068.exe
2764	Unicorn-49067.exe
2980	Unicorn-46281.exe
1312	Unicorn-10956.exe
880	Unicorn-29369.exe
1456	Unicorn-3546.exe
2352	Unicorn-55762.exe
684	Unicorn-11159.exe
1060	Unicorn-26427.exe
1516	Unicorn-22705.exe
1112	Unicorn-4195.exe
328	Unicorn-17194.exe
888	Unicorn-33277.exe
2264	Unicorn-19572.exe
1596	Unicorn-29363.exe
1048	Unicorn-41274.exe
2888	Unicorn-47343.exe
968	Unicorn-28956.exe
1892	Unicorn-1613.exe

Loads dropped DLL 64 IoCs

pid	Process
1708	e9176b088f9a79e9f41a8a30f89475ad_JaffaCakes118.exe
1708	e9176b088f9a79e9f41a8a30f89475ad_JaffaCakes118.exe
2100	Unicorn-19677.exe
2100	Unicorn-19677.exe
1708	e9176b088f9a79e9f41a8a30f89475ad_JaffaCakes118.exe
1708	e9176b088f9a79e9f41a8a30f89475ad_JaffaCakes118.exe
2692	WerFault.exe
2692	WerFault.exe
2692	WerFault.exe
2692	WerFault.exe
2692	WerFault.exe
2100	Unicorn-19677.exe
2100	Unicorn-19677.exe
2600	Unicorn-29084.exe
2600	Unicorn-29084.exe
2968	WerFault.exe
2968	WerFault.exe
2968	WerFault.exe
2968	WerFault.exe
2968	WerFault.exe
2968	WerFault.exe
2968	WerFault.exe
2968	WerFault.exe
2968	WerFault.exe
1968	Unicorn-22673.exe
1968	Unicorn-22673.exe
2472	Unicorn-59067.exe
2472	Unicorn-59067.exe
2600	Unicorn-29084.exe
2600	Unicorn-29084.exe
2712	WerFault.exe
2712	WerFault.exe
2712	WerFault.exe
2712	WerFault.exe
2712	WerFault.exe
2712	WerFault.exe
2712	WerFault.exe
2712	WerFault.exe
1716	Unicorn-52596.exe
1716	Unicorn-52596.exe
2712	WerFault.exe
1968	Unicorn-22673.exe
1968	Unicorn-22673.exe
2764	Unicorn-49067.exe
2764	Unicorn-49067.exe
2896	WerFault.exe
2896	WerFault.exe
2896	WerFault.exe
2896	WerFault.exe
2896	WerFault.exe
2896	WerFault.exe
2896	WerFault.exe
2896	WerFault.exe
2896	WerFault.exe
2980	Unicorn-46281.exe
2980	Unicorn-46281.exe
1716	Unicorn-52596.exe
1716	Unicorn-52596.exe
1312	Unicorn-10956.exe
1312	Unicorn-10956.exe
880	Unicorn-29369.exe
880	Unicorn-29369.exe
2764	Unicorn-49067.exe
2764	Unicorn-49067.exe

Program crash 21 IoCs

pid	pid_target	Process	procid_target
2692	2640	WerFault.exe	29
2740	1708	WerFault.exe	27
2968	2100	WerFault.exe	28
2712	2600	WerFault.exe	30
2896	1968	WerFault.exe	33
1040	2764	WerFault.exe	38
1256	1716	WerFault.exe	36
1316	880	WerFault.exe	42
1528	2980	WerFault.exe	40
2276	1312	WerFault.exe	41
3056	2352	WerFault.exe	45
2296	684	WerFault.exe	46
2540	2472	WerFault.exe	34
2412	1516	WerFault.exe	48
2156	1456	WerFault.exe	44
2684	1112	WerFault.exe	49
2092	328	WerFault.exe	50
1592	2888	WerFault.exe	58
588	1048	WerFault.exe	56
1320	2264	WerFault.exe	52
1388	336	WerFault.exe	74

Suspicious use of SetWindowsHookEx 22 IoCs

pid	Process
1708	e9176b088f9a79e9f41a8a30f89475ad_JaffaCakes118.exe
2100	Unicorn-19677.exe
2640	Unicorn-13397.exe
2600	Unicorn-29084.exe
1968	Unicorn-22673.exe
2472	Unicorn-59067.exe
1716	Unicorn-52596.exe
2248	Unicorn-36068.exe
2764	Unicorn-49067.exe
2980	Unicorn-46281.exe
1312	Unicorn-10956.exe
880	Unicorn-29369.exe
1456	Unicorn-3546.exe
2352	Unicorn-55762.exe
684	Unicorn-11159.exe
1516	Unicorn-22705.exe
1112	Unicorn-4195.exe
328	Unicorn-17194.exe
1048	Unicorn-41274.exe
2888	Unicorn-47343.exe
888	Unicorn-33277.exe
2264	Unicorn-19572.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 2100	1708	e9176b088f9a79e9f41a8a30f89475ad_JaffaCakes118.exe	28
PID 1708 wrote to memory of 2100	1708	e9176b088f9a79e9f41a8a30f89475ad_JaffaCakes118.exe	28
PID 1708 wrote to memory of 2100	1708	e9176b088f9a79e9f41a8a30f89475ad_JaffaCakes118.exe	28
PID 1708 wrote to memory of 2100	1708	e9176b088f9a79e9f41a8a30f89475ad_JaffaCakes118.exe	28
PID 2100 wrote to memory of 2640	2100	Unicorn-19677.exe	29
PID 2100 wrote to memory of 2640	2100	Unicorn-19677.exe	29
PID 2100 wrote to memory of 2640	2100	Unicorn-19677.exe	29
PID 2100 wrote to memory of 2640	2100	Unicorn-19677.exe	29
PID 1708 wrote to memory of 2600	1708	e9176b088f9a79e9f41a8a30f89475ad_JaffaCakes118.exe	30
PID 1708 wrote to memory of 2600	1708	e9176b088f9a79e9f41a8a30f89475ad_JaffaCakes118.exe	30
PID 1708 wrote to memory of 2600	1708	e9176b088f9a79e9f41a8a30f89475ad_JaffaCakes118.exe	30
PID 1708 wrote to memory of 2600	1708	e9176b088f9a79e9f41a8a30f89475ad_JaffaCakes118.exe	30
PID 2640 wrote to memory of 2692	2640	Unicorn-13397.exe	31
PID 2640 wrote to memory of 2692	2640	Unicorn-13397.exe	31
PID 2640 wrote to memory of 2692	2640	Unicorn-13397.exe	31
PID 2640 wrote to memory of 2692	2640	Unicorn-13397.exe	31
PID 1708 wrote to memory of 2740	1708	e9176b088f9a79e9f41a8a30f89475ad_JaffaCakes118.exe	32
PID 1708 wrote to memory of 2740	1708	e9176b088f9a79e9f41a8a30f89475ad_JaffaCakes118.exe	32
PID 1708 wrote to memory of 2740	1708	e9176b088f9a79e9f41a8a30f89475ad_JaffaCakes118.exe	32
PID 1708 wrote to memory of 2740	1708	e9176b088f9a79e9f41a8a30f89475ad_JaffaCakes118.exe	32
PID 2100 wrote to memory of 1968	2100	Unicorn-19677.exe	33
PID 2100 wrote to memory of 1968	2100	Unicorn-19677.exe	33
PID 2100 wrote to memory of 1968	2100	Unicorn-19677.exe	33
PID 2100 wrote to memory of 1968	2100	Unicorn-19677.exe	33
PID 2600 wrote to memory of 2472	2600	Unicorn-29084.exe	34
PID 2600 wrote to memory of 2472	2600	Unicorn-29084.exe	34
PID 2600 wrote to memory of 2472	2600	Unicorn-29084.exe	34
PID 2600 wrote to memory of 2472	2600	Unicorn-29084.exe	34
PID 2100 wrote to memory of 2968	2100	Unicorn-19677.exe	35
PID 2100 wrote to memory of 2968	2100	Unicorn-19677.exe	35
PID 2100 wrote to memory of 2968	2100	Unicorn-19677.exe	35
PID 2100 wrote to memory of 2968	2100	Unicorn-19677.exe	35
PID 1968 wrote to memory of 1716	1968	Unicorn-22673.exe	36
PID 1968 wrote to memory of 1716	1968	Unicorn-22673.exe	36
PID 1968 wrote to memory of 1716	1968	Unicorn-22673.exe	36
PID 1968 wrote to memory of 1716	1968	Unicorn-22673.exe	36
PID 2472 wrote to memory of 2248	2472	Unicorn-59067.exe	37
PID 2472 wrote to memory of 2248	2472	Unicorn-59067.exe	37
PID 2472 wrote to memory of 2248	2472	Unicorn-59067.exe	37
PID 2472 wrote to memory of 2248	2472	Unicorn-59067.exe	37
PID 2600 wrote to memory of 2764	2600	Unicorn-29084.exe	38
PID 2600 wrote to memory of 2764	2600	Unicorn-29084.exe	38
PID 2600 wrote to memory of 2764	2600	Unicorn-29084.exe	38
PID 2600 wrote to memory of 2764	2600	Unicorn-29084.exe	38
PID 2600 wrote to memory of 2712	2600	Unicorn-29084.exe	39
PID 2600 wrote to memory of 2712	2600	Unicorn-29084.exe	39
PID 2600 wrote to memory of 2712	2600	Unicorn-29084.exe	39
PID 2600 wrote to memory of 2712	2600	Unicorn-29084.exe	39
PID 1716 wrote to memory of 2980	1716	Unicorn-52596.exe	40
PID 1716 wrote to memory of 2980	1716	Unicorn-52596.exe	40
PID 1716 wrote to memory of 2980	1716	Unicorn-52596.exe	40
PID 1716 wrote to memory of 2980	1716	Unicorn-52596.exe	40
PID 1968 wrote to memory of 1312	1968	Unicorn-22673.exe	41
PID 1968 wrote to memory of 1312	1968	Unicorn-22673.exe	41
PID 1968 wrote to memory of 1312	1968	Unicorn-22673.exe	41
PID 1968 wrote to memory of 1312	1968	Unicorn-22673.exe	41
PID 2764 wrote to memory of 880	2764	Unicorn-49067.exe	42
PID 2764 wrote to memory of 880	2764	Unicorn-49067.exe	42
PID 2764 wrote to memory of 880	2764	Unicorn-49067.exe	42
PID 2764 wrote to memory of 880	2764	Unicorn-49067.exe	42
PID 1968 wrote to memory of 2896	1968	Unicorn-22673.exe	43
PID 1968 wrote to memory of 2896	1968	Unicorn-22673.exe	43
PID 1968 wrote to memory of 2896	1968	Unicorn-22673.exe	43
PID 1968 wrote to memory of 2896	1968	Unicorn-22673.exe	43

C:\Users\Admin\AppData\Local\Temp\e9176b088f9a79e9f41a8a30f89475ad_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e9176b088f9a79e9f41a8a30f89475ad_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19677.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19677.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13397.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13397.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2640
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 192
      4⤵
      Loads dropped DLL
      Program crash
      PID:2692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22673.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22673.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52596.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46281.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3546.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4195.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47343.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 376
        9⤵
        Program crash
        
        PID:1592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 380
        8⤵
        Program crash
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28956.exe
        7⤵
        Executes dropped EXE
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14604.exe
        8⤵
        
        PID:1836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 368
        7⤵
        Program crash
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17194.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1613.exe
        7⤵
        Executes dropped EXE
        
        PID:1892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 380
        7⤵
        Program crash
        
        PID:2092
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 372
        6⤵
        Program crash
        
        PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55762.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33277.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56042.exe
        7⤵
        
        PID:1600
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 372
        6⤵
        Program crash
        
        PID:3056
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 384
        5⤵
        Program crash
        
        PID:1256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10956.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11159.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19572.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25561.exe
        7⤵
        
        PID:336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 336 -s 240
        8⤵
        Program crash
        
        PID:1388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 380
        7⤵
        Program crash
        
        PID:1320
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 380
        6⤵
        Program crash
        
        PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        5⤵
        Executes dropped EXE
        
        PID:1596
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 372
        5⤵
        Program crash
        
        PID:2276
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 368
      4⤵
      Loads dropped DLL
      Program crash
      PID:2896
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 376
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2968
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29084.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29084.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59067.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59067.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36068.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2248
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 380
      4⤵
      Program crash
      PID:2540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49067.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49067.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29369.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26427.exe
        5⤵
        Executes dropped EXE
        
        PID:1060
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 380
        5⤵
        Program crash
        
        PID:1316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22705.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41274.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61224.exe
        6⤵
        
        PID:2908
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 372
        6⤵
        Program crash
        
        PID:588
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 380
        5⤵
        Program crash
        
        PID:2412
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 380
      4⤵
      Program crash
      PID:1040
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 368
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2712
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 380
  2⤵
  - Program crash
  PID:2740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-59067.exe

Filesize
184KB

MD5
c561d341d36d91b08797c23ce785522d

SHA1
fa97d79ebaa9c62ae1d1d793a7112c9c93463351

SHA256
84ee0962852d8e8273e1fd87f4c574814bbf47f4642b38ec961c1f7207cb6bac

SHA512
226e39355ac325a69c4f927402e821692b502eb0661bab5f2526bfd1f9f4746e4ab34e67816d9e5f1be79145ebac90179440b0d12ff0d57c2e34a501f0ea7d15

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10956.exe

Filesize
184KB

MD5
a124f0f2a8cd512cb3316cfac61c05f1

SHA1
e39d6e9d30c354c489b0417d25d517546e4c9f64

SHA256
90117a8e05fc81876fb9d83324c2cac7eafb53bdd42dfea3132af160867b7888

SHA512
04bbcd6e4345a1e528119a8a38e21807bd8c4e8c42def8f2d35624b2482da8d17d14ddb2992b0c95debff1a99bfa5696c5e318786ad6eb201ce351f31dc7cd6f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13397.exe

Filesize
184KB

MD5
e583d5c56530b57fe674953a66984c08

SHA1
9968b652fae29cb02de02e6c2786ce5c755cda1f

SHA256
1ada1c62fcb84e9976e376eb2439671ef40a9ea32f6411ef86a64bf3e3d0a20a

SHA512
1d4a13fc884440f172a4a2ddcd36b253a11af949e422d78161dbe9d4041bfde11ab526c91295104a8a60d0c53dd894770a439cae88d385a2fd4df32d20ba670e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19677.exe

Filesize
184KB

MD5
1f149d1cc8561b97504ff3a1dc3971a0

SHA1
7388b602ff51406e4cd5946947534fcfe88c3213

SHA256
5b8cf03b023cbe8d9f47f8ff25b3dbd0739db213b97eb1aca45c9580da10136a

SHA512
33662dfab734d1a7207b3e5e19a12ab5349cd9ded64965cebe857d287e751ae49ce39d009fb50cb065f04125fc0be1239bac3dbe6d977854fa5d13f0987e7817

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22673.exe

Filesize
184KB

MD5
ed1783a9f3b37538fb2278265ebc6d98

SHA1
2bc6c3e539397097d75cc0c5a95983320b697bb6

SHA256
0ea1d2f3da056329e1cbc8d5a8902fcd9fe6acea3efed68e43af9aa764b5424f

SHA512
7d606ffa0138b10048ebd312d78f0c41910acd66b2807669e5d426f9276d0c4f8b21b164ecfcf9992f4ffbfe81011fcb4c43aae67124b5c440c2dff2e1fa09c1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29084.exe

Filesize
184KB

MD5
1e317e8340728418272951a872944b9c

SHA1
ec184e6c4619b636a044ca654303192bcb0d6d47

SHA256
8d031f79957e80d411257b134f6c92ae8d9c94cd611ffbaa03689070abf0d176

SHA512
2c279a01ad1f8e45eea0c6503447df3ddfc5db439a742474c08836b43c2335c3f6961a64cda2e747fd42a11455198fdb0cd45a73e89ff3b7de3ec4f3a983e089

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29369.exe

Filesize
184KB

MD5
da2273bee7fdaa2c4791a4ac3e6abc64

SHA1
9f65a18428e8033510485c71e3325f0f74a3bb09

SHA256
b45b3f68e1290b7f8f607a9ad144dafd647b6a560f9c0d851e181dd286473cfc

SHA512
385e951956c0a7ace258a4c598c59fd85fea1126faf50402c814b49738be24764b8165f40b906166166c9b84881600c520a4f54f50f786699f8fdeb13b3dd473

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36068.exe

Filesize
184KB

MD5
e7eb8b3171e422ed59ba96c2885aba87

SHA1
907805939ab21a86cdbde04818b0cfddc979e135

SHA256
fcfc6e842b03d62f26ee355eb303b1e3239168a469f59f6bb3feb125a78276e2

SHA512
6a0d6450be83f5b21364222e542e65b1d519767c3c14672196a0f2b79a0f5a12a844a65564ee132c6a66657dea40987e4e1e6950160c6908a347d061493ab0bd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46281.exe

Filesize
184KB

MD5
480584223acf1188849b9c426fd58152

SHA1
ce7999b8fb34a31562230dbdf97353bb83a95ef6

SHA256
6c7bb5dc33ec915c6380e143b2715a1a1878b6ae9930db28bb88933d63c466cc

SHA512
46e13c22ad7c17659568bce1cb1b6a47e8bdb19814b082e0382bf1fde13719de0eb26ac6a7113b157ddaabf1f7ed83665ee63ce164bed5db5eeeac427488566e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49067.exe

Filesize
184KB

MD5
2cd9c07d42cf4076a91153c93088da41

SHA1
0b3e7639af07d8dad1727113915579c4b7953d15

SHA256
a80c779294fcf734c78fb2003ec4df1ef800f088db9f236036921ad1d7fa895e

SHA512
3464d75fd03f246fb332fffa03dd705145c94383f6ea4bad2f1fe3d1f04358c3f3a21bb45ed5a4d25a70f0cc265849ed2d504d7ba3bed60f8bb84965a0dabf8a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52596.exe

Filesize
184KB

MD5
e11e129d07b0b2be22693b1ddd8e9cac

SHA1
18539fb7c7a5be808e7a68df97f32439f94cfddd

SHA256
9b55c887a16fcca4525b0f7270758c29271dd6cdd37315f7c7cde1e678a269df

SHA512
57716add1fb4d126c27b5fb779cf265c5e02cd91624d150590834c35900a1bdee69cab9e9f0f4ca516d4e78f1e1e794ecfb2a2ed47af9a56725681408bcaa77c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads