68d85c9d7c72c2ed468de8a9368e395607ee32f403fade69e5dd8d6b66570a5d

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18/04/2024, 09:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f7bf6025320c10c62a80b2077ea162c6_JaffaCakes118.exe
Size

184KB
MD5

f7bf6025320c10c62a80b2077ea162c6
SHA1

b6df7b4339f41fb85e452239cc114cd75118d269
SHA256

68d85c9d7c72c2ed468de8a9368e395607ee32f403fade69e5dd8d6b66570a5d
SHA512

600455a691a5f73a89d03244f1017667688809656990170ec0bae8086cb36f1cbd09ea7130afb3f8b2d3423640b0a90f69262cf62154513bb286a72fb459232e
SSDEEP

3072:/jEZo706nBUmnoHod4Vq3i8IN6CrGz4ku2wxQxnxSNKIvwFY:/jqopBBnFdwq3i8xNTyNKIvwF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 32 IoCs

pid	Process
2308	Unicorn-40706.exe
2652	Unicorn-33737.exe
2916	Unicorn-64027.exe
2028	Unicorn-32398.exe
2324	Unicorn-49933.exe
1724	Unicorn-38724.exe
2284	Unicorn-26602.exe
540	Unicorn-33265.exe
2684	Unicorn-5719.exe
2216	Unicorn-9933.exe
320	Unicorn-23421.exe
1896	Unicorn-53208.exe
1056	Unicorn-5709.exe
736	Unicorn-39617.exe
2992	Unicorn-61236.exe
2020	Unicorn-57318.exe
2272	Unicorn-33917.exe
2204	Unicorn-63740.exe
3040	Unicorn-24410.exe
2584	Unicorn-46029.exe
2648	Unicorn-18484.exe
3064	Unicorn-40103.exe
1032	Unicorn-36185.exe
1124	Unicorn-16808.exe
268	Unicorn-11374.exe
548	Unicorn-33030.exe
400	Unicorn-45412.exe
1636	Unicorn-13782.exe
3012	Unicorn-27270.exe
1664	Unicorn-19232.exe
2292	Unicorn-62843.exe
2644	Unicorn-64042.exe

Loads dropped DLL 64 IoCs

pid	Process
1556	f7bf6025320c10c62a80b2077ea162c6_JaffaCakes118.exe
1556	f7bf6025320c10c62a80b2077ea162c6_JaffaCakes118.exe
2308	Unicorn-40706.exe
2308	Unicorn-40706.exe
3016	WerFault.exe
3016	WerFault.exe
3016	WerFault.exe
3016	WerFault.exe
3016	WerFault.exe
2652	Unicorn-33737.exe
2652	Unicorn-33737.exe
2596	WerFault.exe
2596	WerFault.exe
2596	WerFault.exe
2596	WerFault.exe
2596	WerFault.exe
2596	WerFault.exe
2596	WerFault.exe
2916	Unicorn-64027.exe
2916	Unicorn-64027.exe
2640	WerFault.exe
2640	WerFault.exe
2640	WerFault.exe
2640	WerFault.exe
2640	WerFault.exe
2028	Unicorn-32398.exe
2028	Unicorn-32398.exe
2376	WerFault.exe
2376	WerFault.exe
2376	WerFault.exe
2376	WerFault.exe
2376	WerFault.exe
2376	WerFault.exe
2376	WerFault.exe
2324	Unicorn-49933.exe
2324	Unicorn-49933.exe
1280	WerFault.exe
1280	WerFault.exe
1280	WerFault.exe
1280	WerFault.exe
1280	WerFault.exe
1280	WerFault.exe
1280	WerFault.exe
1724	Unicorn-38724.exe
1724	Unicorn-38724.exe
1716	WerFault.exe
1716	WerFault.exe
1716	WerFault.exe
1716	WerFault.exe
1716	WerFault.exe
1716	WerFault.exe
1716	WerFault.exe
2284	Unicorn-26602.exe
2284	Unicorn-26602.exe
2440	WerFault.exe
2440	WerFault.exe
2440	WerFault.exe
2440	WerFault.exe
2440	WerFault.exe
2440	WerFault.exe
2440	WerFault.exe
540	Unicorn-33265.exe
540	Unicorn-33265.exe
2740	WerFault.exe

Program crash 33 IoCs

pid	pid_target	Process	procid_target
2820	1556	WerFault.exe	27
3016	2308	WerFault.exe	28
2596	2652	WerFault.exe	30
2640	2916	WerFault.exe	32
2376	2028	WerFault.exe	34
1280	2324	WerFault.exe	38
1716	1724	WerFault.exe	40
2440	2284	WerFault.exe	42
2740	540	WerFault.exe	44
2944	2684	WerFault.exe	46
2064	2216	WerFault.exe	48
1500	320	WerFault.exe	50
576	1896	WerFault.exe	52
2260	1056	WerFault.exe	54
928	736	WerFault.exe	56
2168	2992	WerFault.exe	58
2264	2020	WerFault.exe	60
2044	2272	WerFault.exe	62
2928	2204	WerFault.exe	64
2476	3040	WerFault.exe	66
1296	2584	WerFault.exe	68
828	2648	WerFault.exe	70
1892	3064	WerFault.exe	72
1708	1032	WerFault.exe	74
1332	1124	WerFault.exe	76
1824	268	WerFault.exe	78
852	548	WerFault.exe	80
1752	400	WerFault.exe	82
560	1636	WerFault.exe	84
1660	3012	WerFault.exe	86
3044	1664	WerFault.exe	88
1836	2644	WerFault.exe	92
1044	2292	WerFault.exe	90

Suspicious use of SetWindowsHookEx 33 IoCs

pid	Process
1556	f7bf6025320c10c62a80b2077ea162c6_JaffaCakes118.exe
2308	Unicorn-40706.exe
2652	Unicorn-33737.exe
2916	Unicorn-64027.exe
2028	Unicorn-32398.exe
2324	Unicorn-49933.exe
1724	Unicorn-38724.exe
2284	Unicorn-26602.exe
540	Unicorn-33265.exe
2684	Unicorn-5719.exe
2216	Unicorn-9933.exe
320	Unicorn-23421.exe
1896	Unicorn-53208.exe
1056	Unicorn-5709.exe
736	Unicorn-39617.exe
2992	Unicorn-61236.exe
2020	Unicorn-57318.exe
2272	Unicorn-33917.exe
2204	Unicorn-63740.exe
3040	Unicorn-24410.exe
2584	Unicorn-46029.exe
2648	Unicorn-18484.exe
3064	Unicorn-40103.exe
1032	Unicorn-36185.exe
1124	Unicorn-16808.exe
268	Unicorn-11374.exe
548	Unicorn-33030.exe
400	Unicorn-45412.exe
1636	Unicorn-13782.exe
3012	Unicorn-27270.exe
1664	Unicorn-19232.exe
2292	Unicorn-62843.exe
2644	Unicorn-64042.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1556 wrote to memory of 2308	1556	f7bf6025320c10c62a80b2077ea162c6_JaffaCakes118.exe	28
PID 1556 wrote to memory of 2308	1556	f7bf6025320c10c62a80b2077ea162c6_JaffaCakes118.exe	28
PID 1556 wrote to memory of 2308	1556	f7bf6025320c10c62a80b2077ea162c6_JaffaCakes118.exe	28
PID 1556 wrote to memory of 2308	1556	f7bf6025320c10c62a80b2077ea162c6_JaffaCakes118.exe	28
PID 1556 wrote to memory of 2820	1556	f7bf6025320c10c62a80b2077ea162c6_JaffaCakes118.exe	29
PID 1556 wrote to memory of 2820	1556	f7bf6025320c10c62a80b2077ea162c6_JaffaCakes118.exe	29
PID 1556 wrote to memory of 2820	1556	f7bf6025320c10c62a80b2077ea162c6_JaffaCakes118.exe	29
PID 1556 wrote to memory of 2820	1556	f7bf6025320c10c62a80b2077ea162c6_JaffaCakes118.exe	29
PID 2308 wrote to memory of 2652	2308	Unicorn-40706.exe	30
PID 2308 wrote to memory of 2652	2308	Unicorn-40706.exe	30
PID 2308 wrote to memory of 2652	2308	Unicorn-40706.exe	30
PID 2308 wrote to memory of 2652	2308	Unicorn-40706.exe	30
PID 2308 wrote to memory of 3016	2308	Unicorn-40706.exe	31
PID 2308 wrote to memory of 3016	2308	Unicorn-40706.exe	31
PID 2308 wrote to memory of 3016	2308	Unicorn-40706.exe	31
PID 2308 wrote to memory of 3016	2308	Unicorn-40706.exe	31
PID 2652 wrote to memory of 2916	2652	Unicorn-33737.exe	32
PID 2652 wrote to memory of 2916	2652	Unicorn-33737.exe	32
PID 2652 wrote to memory of 2916	2652	Unicorn-33737.exe	32
PID 2652 wrote to memory of 2916	2652	Unicorn-33737.exe	32
PID 2652 wrote to memory of 2596	2652	Unicorn-33737.exe	33
PID 2652 wrote to memory of 2596	2652	Unicorn-33737.exe	33
PID 2652 wrote to memory of 2596	2652	Unicorn-33737.exe	33
PID 2652 wrote to memory of 2596	2652	Unicorn-33737.exe	33
PID 2916 wrote to memory of 2028	2916	Unicorn-64027.exe	34
PID 2916 wrote to memory of 2028	2916	Unicorn-64027.exe	34
PID 2916 wrote to memory of 2028	2916	Unicorn-64027.exe	34
PID 2916 wrote to memory of 2028	2916	Unicorn-64027.exe	34
PID 2916 wrote to memory of 2640	2916	Unicorn-64027.exe	35
PID 2916 wrote to memory of 2640	2916	Unicorn-64027.exe	35
PID 2916 wrote to memory of 2640	2916	Unicorn-64027.exe	35
PID 2916 wrote to memory of 2640	2916	Unicorn-64027.exe	35
PID 2028 wrote to memory of 2324	2028	Unicorn-32398.exe	38
PID 2028 wrote to memory of 2324	2028	Unicorn-32398.exe	38
PID 2028 wrote to memory of 2324	2028	Unicorn-32398.exe	38
PID 2028 wrote to memory of 2324	2028	Unicorn-32398.exe	38
PID 2028 wrote to memory of 2376	2028	Unicorn-32398.exe	39
PID 2028 wrote to memory of 2376	2028	Unicorn-32398.exe	39
PID 2028 wrote to memory of 2376	2028	Unicorn-32398.exe	39
PID 2028 wrote to memory of 2376	2028	Unicorn-32398.exe	39
PID 2324 wrote to memory of 1724	2324	Unicorn-49933.exe	40
PID 2324 wrote to memory of 1724	2324	Unicorn-49933.exe	40
PID 2324 wrote to memory of 1724	2324	Unicorn-49933.exe	40
PID 2324 wrote to memory of 1724	2324	Unicorn-49933.exe	40
PID 2324 wrote to memory of 1280	2324	Unicorn-49933.exe	41
PID 2324 wrote to memory of 1280	2324	Unicorn-49933.exe	41
PID 2324 wrote to memory of 1280	2324	Unicorn-49933.exe	41
PID 2324 wrote to memory of 1280	2324	Unicorn-49933.exe	41
PID 1724 wrote to memory of 2284	1724	Unicorn-38724.exe	42
PID 1724 wrote to memory of 2284	1724	Unicorn-38724.exe	42
PID 1724 wrote to memory of 2284	1724	Unicorn-38724.exe	42
PID 1724 wrote to memory of 2284	1724	Unicorn-38724.exe	42
PID 1724 wrote to memory of 1716	1724	Unicorn-38724.exe	43
PID 1724 wrote to memory of 1716	1724	Unicorn-38724.exe	43
PID 1724 wrote to memory of 1716	1724	Unicorn-38724.exe	43
PID 1724 wrote to memory of 1716	1724	Unicorn-38724.exe	43
PID 2284 wrote to memory of 540	2284	Unicorn-26602.exe	44
PID 2284 wrote to memory of 540	2284	Unicorn-26602.exe	44
PID 2284 wrote to memory of 540	2284	Unicorn-26602.exe	44
PID 2284 wrote to memory of 540	2284	Unicorn-26602.exe	44
PID 2284 wrote to memory of 2440	2284	Unicorn-26602.exe	45
PID 2284 wrote to memory of 2440	2284	Unicorn-26602.exe	45
PID 2284 wrote to memory of 2440	2284	Unicorn-26602.exe	45
PID 2284 wrote to memory of 2440	2284	Unicorn-26602.exe	45

C:\Users\Admin\AppData\Local\Temp\f7bf6025320c10c62a80b2077ea162c6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f7bf6025320c10c62a80b2077ea162c6_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1556
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40706.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40706.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33737.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33737.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64027.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32398.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49933.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38724.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26602.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33265.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5719.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9933.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23421.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53208.exe
        13⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5709.exe
        14⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39617.exe
        15⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61236.exe
        16⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57318.exe
        17⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33917.exe
        18⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63740.exe
        19⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24410.exe
        20⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46029.exe
        21⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18484.exe
        22⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40103.exe
        23⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
        24⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16808.exe
        25⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11374.exe
        26⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33030.exe
        27⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45412.exe
        28⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13782.exe
        29⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27270.exe
        30⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19232.exe
        31⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62843.exe
        32⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64042.exe
        33⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 188
        34⤵
        Program crash
        
        PID:1836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 236
        33⤵
        Program crash
        
        PID:1044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 236
        32⤵
        Program crash
        
        PID:3044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 236
        31⤵
        Program crash
        
        PID:1660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 236
        30⤵
        Program crash
        
        PID:560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 236
        29⤵
        Program crash
        
        PID:1752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 236
        28⤵
        Program crash
        
        PID:852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 236
        27⤵
        Program crash
        
        PID:1824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 236
        26⤵
        Program crash
        
        PID:1332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 236
        25⤵
        Program crash
        
        PID:1708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 236
        24⤵
        Program crash
        
        PID:1892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 236
        23⤵
        Program crash
        
        PID:828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
        22⤵
        Program crash
        
        PID:1296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 236
        21⤵
        Program crash
        
        PID:2476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 236
        20⤵
        Program crash
        
        PID:2928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 236
        19⤵
        Program crash
        
        PID:2044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 236
        18⤵
        Program crash
        
        PID:2264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 236
        17⤵
        Program crash
        
        PID:2168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 736 -s 236
        16⤵
        Program crash
        
        PID:928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 236
        15⤵
        Program crash
        
        PID:2260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 236
        14⤵
        Program crash
        
        PID:576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 236
        13⤵
        Program crash
        
        PID:1500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 236
        12⤵
        Program crash
        
        PID:2064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 236
        11⤵
        Program crash
        
        PID:2944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 236
        10⤵
        Loads dropped DLL
        Program crash
        
        PID:2740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 236
        9⤵
        Loads dropped DLL
        Program crash
        
        PID:2440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 236
        8⤵
        Loads dropped DLL
        Program crash
        
        PID:1716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 236
        7⤵
        Loads dropped DLL
        Program crash
        
        PID:1280
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 236
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:2376
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 236
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2640
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:2596
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 236
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:3016
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 236
  2⤵
  - Program crash
  PID:2820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-33737.exe

Filesize
184KB

MD5
54c05ff643506c10aec29b69594b13ab

SHA1
a6ac8d6558518736be73cfd87ce2fd19a4e69e91

SHA256
a1b4675098e8e28b96eae63f41a4100002f45f32c62409b3a5744efe20c782d5

SHA512
c386a3b065367a7207f0d24cd2a8bfdf8c181d8470e733461caf6414ae041e5eb633494785d35bfbd9a29debdd6842d6c5af9f2c4c3998baecb7767862833e44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5709.exe

Filesize
184KB

MD5
cfc088cc8041726a9a9125f1c4930119

SHA1
6a2ff863fedc860ea20f6fa20a76cb9dcedf8ed1

SHA256
376063bd6a718e282078dc6a3ccbb9eb6bc8eefe31e531144b38b3053d800454

SHA512
de30ac01c0bb6ecebf4d68a9ae5bde628521e268f01e35439166d5e446e731988ca99a503d9fba7ec50d5db74a7bcb4f8f34a8f8d43fe41e39835b51647dc13a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5719.exe

Filesize
184KB

MD5
4dceef16e2bcd13091427b9615d2649e

SHA1
150fd77be55264d2e82ac2a47adde45b198da65b

SHA256
4c181e0e340981c77acf5646ba5ab9dc6d4479dc504c44ab9cf104f5b043512b

SHA512
b6a56c11b2c07000298180bbe378f1a781acd1c8383a48c8893ed14ddbf2c445ebeb30904c54130fe4b1816cf3c600e119d1bb6e4e9f9a2a1baf5bcf5d243cda

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64027.exe

Filesize
184KB

MD5
1938fd2968018798ad371375c46b79b8

SHA1
a2b33efcde10f85a9aa93d7fadb7ee53f5b1abe7

SHA256
65b0e035c10ff03103baa1ce26506b21a7c7bbb5dd26b12e18dad9c1c14f1516

SHA512
670049ce9f4f83323cc4ea52dcb38458ae38670771479ef0730bda566036fcd0a9040ab6ca78293c476086b2eeeb9b7c4238ed71956cf124f0b25e2044e1ca5f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26602.exe

Filesize
184KB

MD5
9d3e00cda057f796478acd08a62cf6ac

SHA1
a04b1001ee1e8ac1d1de523c9fde0b2a8f2d3e32

SHA256
919f78d795c1897ddbe4d369396843eefb705fe2c5f7252b95134619cee28874

SHA512
d2eba405cbcdd3d2f8e5320b68ec389822450a1b3be1f0fa0f8ba7e8d2eefec12cf5ca1d84ffca994a1e384c9bbdb77f29b4bd5fa0d3453901c42c5c86d9ace2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32398.exe

Filesize
184KB

MD5
80c78c106b625df95a662603acae73f4

SHA1
22c00c308bcd4578a6bf41fc12a91c4ce502ebc4

SHA256
2b6af66c2eff4a819464fd4368987237d3331967ee240892ef80fa259bd622ef

SHA512
94c16e56db06ee52e0c049e622ffd1a5c65c16d69d9227b4742e0075952950aecff5770c13cef9f074320979ac1775a6e7f4dfc6c7aa94b1e5013ff213f21f8c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38724.exe

Filesize
184KB

MD5
7a87a9bce045eb83eb6a380184864a20

SHA1
28212d6005534b8e83ea733838753e9c3df8b548

SHA256
53845c320dc304e49be08a32c1e6723baa2e5467d7af8f9dcb428220eed8105c

SHA512
be10a504b4bf22366f6a64973b92c4b06b6008ea41557b05df8844f4a475cc1d8a711d66ef7f8e344a37fc55b94700f55bb6f0884ca611828ee2b2fe40f6046a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40706.exe

Filesize
184KB

MD5
40ed9f4b2cc11b3af4e3b7709f482698

SHA1
f0576bef44b8550c2dca370e7fde112a39984018

SHA256
fdeea576452a0a48ffcef8d83f4f8969d7ee5436e50bb83c3f9a2f84ce01a7ad

SHA512
5196f13188c4a8bb9af4ea687534a92979b22b584fdb95dd4464dfa724441450f99ff06ce7171eb7a7d7d90f2e655fe6bdcd6b05c19d6bf29d7a6cea7d225c83

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49933.exe

Filesize
184KB

MD5
280f943ef595dd843d55070fa566c2ca

SHA1
76dead975fe6cea1b9982a99d3bae2e8b3900428

SHA256
63ae671437ac1f2f1fb9cdb1bee33c603e73eac9fd55ed63a2b31d5bfb016cff

SHA512
ef54442447abac1a27696b7e95bf07ed8b973732120b72df522570d26218e3012c83df85863ef784d6557772eb858dd91d7f8e2a92dbf6f97c87812ea1c6a12b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads