75ac0ea0a83a1f0846e626255d7ebe390e38bb240055a4cb0852053d331cbcb5

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75ac0ea0a83a1f0846e626255d7ebe390e38bb240055a4cb0852053d331cbcb5.exe
Size

184KB
MD5

063b39729592093c97ee82f848a34a27
SHA1

ed593ab26cd80df3efe5712b60caf7a458cc738a
SHA256

75ac0ea0a83a1f0846e626255d7ebe390e38bb240055a4cb0852053d331cbcb5
SHA512

329227c769bbc7b97681ce5746f0c808b565ba16c850582abca9f2a14c9ccbe66dfd83f0d194e80978d06bbd581d7750a87ca4131faa4cdf753a4b9649d8e50c
SSDEEP

1536:t2ZG6RZ543y8otx1t4hAlawMoM9yvZc8hmddjPti29TetsElbhj5nizpvz:kfm3y8oT74hTdoaWeTPtiSssElxViF7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 19 IoCs

Processes:

Unicorn-34175.exeUnicorn-64984.exeUnicorn-51746.exeUnicorn-13126.exeUnicorn-17294.exeUnicorn-16944.exeUnicorn-51837.exeUnicorn-21386.exeUnicorn-34790.exeUnicorn-26705.exeUnicorn-6139.exeUnicorn-54354.exeUnicorn-11458.exeUnicorn-59865.exeUnicorn-51780.exeUnicorn-43695.exeUnicorn-14084.exeUnicorn-6575.exeUnicorn-64027.exe

pid	process
1032	Unicorn-34175.exe
2944	Unicorn-64984.exe
2472	Unicorn-51746.exe
2564	Unicorn-13126.exe
2532	Unicorn-17294.exe
2504	Unicorn-16944.exe
2620	Unicorn-51837.exe
1680	Unicorn-21386.exe
2104	Unicorn-34790.exe
1816	Unicorn-26705.exe
1284	Unicorn-6139.exe
912	Unicorn-54354.exe
1148	Unicorn-11458.exe
1656	Unicorn-59865.exe
320	Unicorn-51780.exe
2220	Unicorn-43695.exe
2236	Unicorn-14084.exe
2792	Unicorn-6575.exe
2180	Unicorn-64027.exe

Loads dropped DLL 64 IoCs

Processes:

75ac0ea0a83a1f0846e626255d7ebe390e38bb240055a4cb0852053d331cbcb5.exeUnicorn-34175.exeWerFault.exeUnicorn-64984.exeWerFault.exeUnicorn-51746.exeWerFault.exeUnicorn-13126.exeWerFault.exeUnicorn-17294.exeWerFault.exeUnicorn-16944.exeWerFault.exeUnicorn-51837.exeWerFault.exe

pid	process
1976	75ac0ea0a83a1f0846e626255d7ebe390e38bb240055a4cb0852053d331cbcb5.exe
1976	75ac0ea0a83a1f0846e626255d7ebe390e38bb240055a4cb0852053d331cbcb5.exe
1032	Unicorn-34175.exe
1032	Unicorn-34175.exe
2548	WerFault.exe
2548	WerFault.exe
2548	WerFault.exe
2548	WerFault.exe
2548	WerFault.exe
2548	WerFault.exe
2548	WerFault.exe
2944	Unicorn-64984.exe
2944	Unicorn-64984.exe
2500	WerFault.exe
2500	WerFault.exe
2500	WerFault.exe
2500	WerFault.exe
2500	WerFault.exe
2500	WerFault.exe
2500	WerFault.exe
2472	Unicorn-51746.exe
2472	Unicorn-51746.exe
1716	WerFault.exe
1716	WerFault.exe
1716	WerFault.exe
1716	WerFault.exe
1716	WerFault.exe
1716	WerFault.exe
1716	WerFault.exe
2564	Unicorn-13126.exe
2564	Unicorn-13126.exe
3040	WerFault.exe
3040	WerFault.exe
3040	WerFault.exe
3040	WerFault.exe
3040	WerFault.exe
3040	WerFault.exe
3040	WerFault.exe
2532	Unicorn-17294.exe
2532	Unicorn-17294.exe
2764	WerFault.exe
2764	WerFault.exe
2764	WerFault.exe
2764	WerFault.exe
2764	WerFault.exe
2764	WerFault.exe
2764	WerFault.exe
2504	Unicorn-16944.exe
2504	Unicorn-16944.exe
2204	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
2620	Unicorn-51837.exe
2620	Unicorn-51837.exe
1700	WerFault.exe
1700	WerFault.exe
1700	WerFault.exe
1700	WerFault.exe
1700	WerFault.exe
1700	WerFault.exe

Program crash 20 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2056	1976	WerFault.exe	75ac0ea0a83a1f0846e626255d7ebe390e38bb240055a4cb0852053d331cbcb5.exe
2548	1032	WerFault.exe	Unicorn-34175.exe
2500	2944	WerFault.exe	Unicorn-64984.exe
1716	2472	WerFault.exe	Unicorn-51746.exe
3040	2564	WerFault.exe	Unicorn-13126.exe
2764	2532	WerFault.exe	Unicorn-17294.exe
2204	2504	WerFault.exe	Unicorn-16944.exe
1700	2620	WerFault.exe	Unicorn-51837.exe
2948	1680	WerFault.exe	Unicorn-21386.exe
324	2104	WerFault.exe	Unicorn-34790.exe
588	1816	WerFault.exe	Unicorn-26705.exe
608	1284	WerFault.exe	Unicorn-6139.exe
852	912	WerFault.exe	Unicorn-54354.exe
876	1148	WerFault.exe	Unicorn-11458.exe
1808	1656	WerFault.exe	Unicorn-59865.exe
2076	320	WerFault.exe	Unicorn-51780.exe
1696	2220	WerFault.exe	Unicorn-43695.exe
2744	2236	WerFault.exe	Unicorn-14084.exe
2452	2792	WerFault.exe	Unicorn-6575.exe
2832	2180	WerFault.exe	Unicorn-64027.exe

Suspicious use of SetWindowsHookEx 20 IoCs

Processes:

75ac0ea0a83a1f0846e626255d7ebe390e38bb240055a4cb0852053d331cbcb5.exeUnicorn-34175.exeUnicorn-64984.exeUnicorn-51746.exeUnicorn-13126.exeUnicorn-17294.exeUnicorn-16944.exeUnicorn-51837.exeUnicorn-21386.exeUnicorn-34790.exeUnicorn-26705.exeUnicorn-6139.exeUnicorn-54354.exeUnicorn-11458.exeUnicorn-59865.exeUnicorn-51780.exeUnicorn-43695.exeUnicorn-14084.exeUnicorn-6575.exeUnicorn-64027.exe

pid	process
1976	75ac0ea0a83a1f0846e626255d7ebe390e38bb240055a4cb0852053d331cbcb5.exe
1032	Unicorn-34175.exe
2944	Unicorn-64984.exe
2472	Unicorn-51746.exe
2564	Unicorn-13126.exe
2532	Unicorn-17294.exe
2504	Unicorn-16944.exe
2620	Unicorn-51837.exe
1680	Unicorn-21386.exe
2104	Unicorn-34790.exe
1816	Unicorn-26705.exe
1284	Unicorn-6139.exe
912	Unicorn-54354.exe
1148	Unicorn-11458.exe
1656	Unicorn-59865.exe
320	Unicorn-51780.exe
2220	Unicorn-43695.exe
2236	Unicorn-14084.exe
2792	Unicorn-6575.exe
2180	Unicorn-64027.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

75ac0ea0a83a1f0846e626255d7ebe390e38bb240055a4cb0852053d331cbcb5.exeUnicorn-34175.exeUnicorn-64984.exeUnicorn-51746.exeUnicorn-13126.exeUnicorn-17294.exeUnicorn-16944.exeUnicorn-51837.exe

description	pid	process	target process
PID 1976 wrote to memory of 1032	1976	75ac0ea0a83a1f0846e626255d7ebe390e38bb240055a4cb0852053d331cbcb5.exe	Unicorn-34175.exe
PID 1976 wrote to memory of 1032	1976	75ac0ea0a83a1f0846e626255d7ebe390e38bb240055a4cb0852053d331cbcb5.exe	Unicorn-34175.exe
PID 1976 wrote to memory of 1032	1976	75ac0ea0a83a1f0846e626255d7ebe390e38bb240055a4cb0852053d331cbcb5.exe	Unicorn-34175.exe
PID 1976 wrote to memory of 1032	1976	75ac0ea0a83a1f0846e626255d7ebe390e38bb240055a4cb0852053d331cbcb5.exe	Unicorn-34175.exe
PID 1976 wrote to memory of 2056	1976	75ac0ea0a83a1f0846e626255d7ebe390e38bb240055a4cb0852053d331cbcb5.exe	WerFault.exe
PID 1976 wrote to memory of 2056	1976	75ac0ea0a83a1f0846e626255d7ebe390e38bb240055a4cb0852053d331cbcb5.exe	WerFault.exe
PID 1976 wrote to memory of 2056	1976	75ac0ea0a83a1f0846e626255d7ebe390e38bb240055a4cb0852053d331cbcb5.exe	WerFault.exe
PID 1976 wrote to memory of 2056	1976	75ac0ea0a83a1f0846e626255d7ebe390e38bb240055a4cb0852053d331cbcb5.exe	WerFault.exe
PID 1032 wrote to memory of 2944	1032	Unicorn-34175.exe	Unicorn-64984.exe
PID 1032 wrote to memory of 2944	1032	Unicorn-34175.exe	Unicorn-64984.exe
PID 1032 wrote to memory of 2944	1032	Unicorn-34175.exe	Unicorn-64984.exe
PID 1032 wrote to memory of 2944	1032	Unicorn-34175.exe	Unicorn-64984.exe
PID 1032 wrote to memory of 2548	1032	Unicorn-34175.exe	WerFault.exe
PID 1032 wrote to memory of 2548	1032	Unicorn-34175.exe	WerFault.exe
PID 1032 wrote to memory of 2548	1032	Unicorn-34175.exe	WerFault.exe
PID 1032 wrote to memory of 2548	1032	Unicorn-34175.exe	WerFault.exe
PID 2944 wrote to memory of 2472	2944	Unicorn-64984.exe	Unicorn-51746.exe
PID 2944 wrote to memory of 2472	2944	Unicorn-64984.exe	Unicorn-51746.exe
PID 2944 wrote to memory of 2472	2944	Unicorn-64984.exe	Unicorn-51746.exe
PID 2944 wrote to memory of 2472	2944	Unicorn-64984.exe	Unicorn-51746.exe
PID 2944 wrote to memory of 2500	2944	Unicorn-64984.exe	WerFault.exe
PID 2944 wrote to memory of 2500	2944	Unicorn-64984.exe	WerFault.exe
PID 2944 wrote to memory of 2500	2944	Unicorn-64984.exe	WerFault.exe
PID 2944 wrote to memory of 2500	2944	Unicorn-64984.exe	WerFault.exe
PID 2472 wrote to memory of 2564	2472	Unicorn-51746.exe	Unicorn-13126.exe
PID 2472 wrote to memory of 2564	2472	Unicorn-51746.exe	Unicorn-13126.exe
PID 2472 wrote to memory of 2564	2472	Unicorn-51746.exe	Unicorn-13126.exe
PID 2472 wrote to memory of 2564	2472	Unicorn-51746.exe	Unicorn-13126.exe
PID 2472 wrote to memory of 1716	2472	Unicorn-51746.exe	WerFault.exe
PID 2472 wrote to memory of 1716	2472	Unicorn-51746.exe	WerFault.exe
PID 2472 wrote to memory of 1716	2472	Unicorn-51746.exe	WerFault.exe
PID 2472 wrote to memory of 1716	2472	Unicorn-51746.exe	WerFault.exe
PID 2564 wrote to memory of 2532	2564	Unicorn-13126.exe	Unicorn-17294.exe
PID 2564 wrote to memory of 2532	2564	Unicorn-13126.exe	Unicorn-17294.exe
PID 2564 wrote to memory of 2532	2564	Unicorn-13126.exe	Unicorn-17294.exe
PID 2564 wrote to memory of 2532	2564	Unicorn-13126.exe	Unicorn-17294.exe
PID 2564 wrote to memory of 3040	2564	Unicorn-13126.exe	WerFault.exe
PID 2564 wrote to memory of 3040	2564	Unicorn-13126.exe	WerFault.exe
PID 2564 wrote to memory of 3040	2564	Unicorn-13126.exe	WerFault.exe
PID 2564 wrote to memory of 3040	2564	Unicorn-13126.exe	WerFault.exe
PID 2532 wrote to memory of 2504	2532	Unicorn-17294.exe	Unicorn-16944.exe
PID 2532 wrote to memory of 2504	2532	Unicorn-17294.exe	Unicorn-16944.exe
PID 2532 wrote to memory of 2504	2532	Unicorn-17294.exe	Unicorn-16944.exe
PID 2532 wrote to memory of 2504	2532	Unicorn-17294.exe	Unicorn-16944.exe
PID 2532 wrote to memory of 2764	2532	Unicorn-17294.exe	WerFault.exe
PID 2532 wrote to memory of 2764	2532	Unicorn-17294.exe	WerFault.exe
PID 2532 wrote to memory of 2764	2532	Unicorn-17294.exe	WerFault.exe
PID 2532 wrote to memory of 2764	2532	Unicorn-17294.exe	WerFault.exe
PID 2504 wrote to memory of 2620	2504	Unicorn-16944.exe	Unicorn-51837.exe
PID 2504 wrote to memory of 2620	2504	Unicorn-16944.exe	Unicorn-51837.exe
PID 2504 wrote to memory of 2620	2504	Unicorn-16944.exe	Unicorn-51837.exe
PID 2504 wrote to memory of 2620	2504	Unicorn-16944.exe	Unicorn-51837.exe
PID 2504 wrote to memory of 2204	2504	Unicorn-16944.exe	WerFault.exe
PID 2504 wrote to memory of 2204	2504	Unicorn-16944.exe	WerFault.exe
PID 2504 wrote to memory of 2204	2504	Unicorn-16944.exe	WerFault.exe
PID 2504 wrote to memory of 2204	2504	Unicorn-16944.exe	WerFault.exe
PID 2620 wrote to memory of 1680	2620	Unicorn-51837.exe	Unicorn-21386.exe
PID 2620 wrote to memory of 1680	2620	Unicorn-51837.exe	Unicorn-21386.exe
PID 2620 wrote to memory of 1680	2620	Unicorn-51837.exe	Unicorn-21386.exe
PID 2620 wrote to memory of 1680	2620	Unicorn-51837.exe	Unicorn-21386.exe
PID 2620 wrote to memory of 1700	2620	Unicorn-51837.exe	WerFault.exe
PID 2620 wrote to memory of 1700	2620	Unicorn-51837.exe	WerFault.exe
PID 2620 wrote to memory of 1700	2620	Unicorn-51837.exe	WerFault.exe
PID 2620 wrote to memory of 1700	2620	Unicorn-51837.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\75ac0ea0a83a1f0846e626255d7ebe390e38bb240055a4cb0852053d331cbcb5.exe
"C:\Users\Admin\AppData\Local\Temp\75ac0ea0a83a1f0846e626255d7ebe390e38bb240055a4cb0852053d331cbcb5.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-34175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34175.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-64984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64984.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-13126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13126.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-17294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17294.exe
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-16944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16944.exe
7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-51837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51837.exe
8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-21386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21386.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-34790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34790.exe
10⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-26705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26705.exe
11⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-6139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6139.exe
12⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1284

C:\Users\Admin\AppData\Local\Temp\Unicorn-54354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54354.exe
13⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:912

C:\Users\Admin\AppData\Local\Temp\Unicorn-11458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11458.exe
14⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1148

C:\Users\Admin\AppData\Local\Temp\Unicorn-59865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59865.exe
15⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-51780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51780.exe
16⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-43695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43695.exe
17⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-14084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14084.exe
18⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-6575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6575.exe
19⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-64027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64027.exe
20⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 240
21⤵
- Program crash
PID:2832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 236
20⤵
- Program crash
PID:2452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 236
19⤵
- Program crash
PID:2744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 236
18⤵
- Program crash
PID:1696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 236
17⤵
- Program crash
PID:2076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 236
16⤵
- Program crash
PID:1808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 236
15⤵
- Program crash
PID:876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 236
14⤵
- Program crash
PID:852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 236
13⤵
- Program crash
PID:608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 236
12⤵
- Program crash
PID:588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 236
11⤵
- Program crash
PID:324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 236
10⤵
- Program crash
PID:2948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 236
9⤵
- Loads dropped DLL
- Program crash
PID:1700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 236
8⤵
- Loads dropped DLL
- Program crash
PID:2204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 236
7⤵
- Loads dropped DLL
- Program crash
PID:2764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 236
6⤵
- Loads dropped DLL
- Program crash
PID:3040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 236
5⤵
- Loads dropped DLL
- Program crash
PID:1716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 236
4⤵
- Loads dropped DLL
- Program crash
PID:2500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 236
3⤵
- Loads dropped DLL
- Program crash
PID:2548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 236
2⤵
- Program crash
PID:2056

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13126.exe
Filesize
184KB

MD5
3bf4bc79b2b802cbbbb188eec1f65486

SHA1
f266879cbe8905e5848f71e06aefe384572ba7d4

SHA256
55238b5ec133d8039e817bbd8b359599a9898ce201e32dd60d88aa6837be4f67

SHA512
423c2780c612af70f8c8fd8c71dbb828f98e6041ac9e1829da2fece33f592ab4ec0342d781e62fa30a8f47a2983a7c100f44d26efa1e2ec37fc96f8eb181baea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6139.exe
Filesize
184KB

MD5
8255deaf34b95c5a6af4bbdaa275ef2d

SHA1
f1deb2cbdef1233643237c60e3d79ea7a2d1bcd9

SHA256
37536f41e2422296457d249924a55d3d77c6cb76af2aab95d71072b54d82ef13

SHA512
86f9521cb1b870b0ce995822acdcf86cb8a45785d8baa88a78093910f9f27accf100c72a57f65f90a0910161c09354407fedff1a5d8312c26d3bdc1da24fa7d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64984.exe
Filesize
184KB

MD5
52ae8cd63eea9a7a671c70ae394257c2

SHA1
b44481aad1aa53acb3b1ed6abb9691c32e327f33

SHA256
2c8bec781c753ea2d1a3e2d3992991025740d2a9dba60085eaf018fc97286a3b

SHA512
60e4358b4b442421684583f791c18c3cd90a004c42368ab0b35a9ed9572523bbe9ea94a5fcd0fed8c311a32857e58aa6edea5152ceb6f37b9e0ef16429d30c17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6575.exe
Filesize
184KB

MD5
8dafaab2e94382c9eaa8ee7634be9974

SHA1
c0ee4ad440e731e7267c84fc18d781fdfe0e1b1b

SHA256
73f7984ea8dcac18fb0a252910758c3631996c2c637c661e97e3bf4d2553b5e0

SHA512
7bc883816dac9b1cb303f22548e60f4345268575f974da79134aed0456cbc184c951e8ac834a90d45bf8208adeac7ec65733cb9b67281485bfedf88d1c111f37

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16944.exe
Filesize
184KB

MD5
b72a6ffb25c36a1453f9bff1d155f251

SHA1
8dfd15df59774e3266d27416925f369fd16245ca

SHA256
19ba3db88bce44b23576869c764b963a4d5c2895d6e9b15652721166b1206940

SHA512
c0bd690797435b32ab9e76f4d23d06332dbd429a12ffbe4570db14926321a0788f1d1b19cb7270437849b28be44d6383fe9173ef080ca32f85ab2dff8a476267

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17294.exe
Filesize
184KB

MD5
33785fa94970194f5f73ce08adc03ad6

SHA1
f130cb9f671c11bc1807ef9632ee98877849326c

SHA256
a1f8ae526c39aac8b1ec1d0ab2205d34406ee667764c8b651cb68f6aee105bd2

SHA512
ffd91c14cc6db0fba843bfb307a59b5c07943faf918f1fc39eaf27f0654d6a1fb52484eb9dd4612f99d8d76ff7f93306ae778377903e73708e7382f3cfad9ff3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34175.exe
Filesize
184KB

MD5
e3be46e7993dd151c1b846fde93e0003

SHA1
1f108da8252b524f2f577f5ebaf8ed1c280b1139

SHA256
579476379bdcce76a73d879ee42490476f3d4ef37089950506dc867baa1df564

SHA512
87a977a2400c50a16635215903d02660aa5156e0de08a7dd9dcf36491a8aa42aedc4cdd905402fcea82d20b24f6411c578e48054aa721a9a8254b1194c3dfe1a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
Filesize
184KB

MD5
5f229b2931879887fc2f8a6a2fb11263

SHA1
a5a3954bd4b061f21177de0f5175fba37f60842b

SHA256
d8e23274e6198cb80a5fc53a5ee9b922e6f14b6a25e2994ef35e2c674993d098

SHA512
8b9b72098f30d50e589980d713fcb7b1301e0eeb7226ed800e1a62f07e5fd87a87bccee92d4ae5a6af113274f8ff5b8027410f95471a6aeddb361f64dad5a535

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51837.exe
Filesize
184KB

MD5
61d521edad43962e316b64da41aec129

SHA1
15eec6e07b5d4d5da2bed053be46bf68bd41c72d

SHA256
95bf69cedaaae5ee85739f6f8ea8fbcb2ae572183988e6eae172311a110d22f0

SHA512
15b831b7f14334d2950c994faf2b05dd2f6c1afec5730a410e6d1fffe7c2c9bd738e0cc366f120c6b725b5cf921ac9e85cf9c1f61cc3f525b67000eb15dbb5bb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads