68e0a73afe926a910fd522db0ce16a8c5163a6a23b1ebeb1a9b734607fdffa3d

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:44

Target

68e0a73afe926a910fd522db0ce16a8c5163a6a23b1ebeb1a9b734607fdffa3d.exe
Size

184KB
MD5

6c2bcf8b75012239960c48f248ee667f
SHA1

74d7e4441b6cb66f3bc20ac64b143e17d035ec2e
SHA256

68e0a73afe926a910fd522db0ce16a8c5163a6a23b1ebeb1a9b734607fdffa3d
SHA512

59f2aa2312ae20036ece86643aad3633cf39a604006f0a47760a4697d12664cf5d5cc9b20aa3f3f7f1e4d0e44c0ffb47c357ea86c35f0c3929751aa4ff122909
SSDEEP

3072:FRUoClolNvatdBjweW7LR5wIK4ZIPJxSHsCO5EMUDYhlnVOF6:FRQoS7BjgLR5wIEkX2hlnVOF

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

Unicorn-65173.exe

pid process

2296 Unicorn-65173.exe

pid	process
2296	Unicorn-65173.exe

Loads dropped DLL 11 IoCs

Processes:

68e0a73afe926a910fd522db0ce16a8c5163a6a23b1ebeb1a9b734607fdffa3d.exeWerFault.exe

pid	process
384	68e0a73afe926a910fd522db0ce16a8c5163a6a23b1ebeb1a9b734607fdffa3d.exe
384	68e0a73afe926a910fd522db0ce16a8c5163a6a23b1ebeb1a9b734607fdffa3d.exe
2004	WerFault.exe
2004	WerFault.exe
2004	WerFault.exe
2004	WerFault.exe
2004	WerFault.exe
2004	WerFault.exe
2004	WerFault.exe
2004	WerFault.exe
2004	WerFault.exe

Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid	pid_target	process	target process
2004	2296	WerFault.exe	Unicorn-65173.exe
2596	384	WerFault.exe	68e0a73afe926a910fd522db0ce16a8c5163a6a23b1ebeb1a9b734607fdffa3d.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

68e0a73afe926a910fd522db0ce16a8c5163a6a23b1ebeb1a9b734607fdffa3d.exeUnicorn-65173.exe

pid process

384 68e0a73afe926a910fd522db0ce16a8c5163a6a23b1ebeb1a9b734607fdffa3d.exe
2296 Unicorn-65173.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

68e0a73afe926a910fd522db0ce16a8c5163a6a23b1ebeb1a9b734607fdffa3d.exeUnicorn-65173.exe

description	pid	process	target process
PID 384 wrote to memory of 2296	384	68e0a73afe926a910fd522db0ce16a8c5163a6a23b1ebeb1a9b734607fdffa3d.exe	Unicorn-65173.exe
PID 384 wrote to memory of 2296	384	68e0a73afe926a910fd522db0ce16a8c5163a6a23b1ebeb1a9b734607fdffa3d.exe	Unicorn-65173.exe
PID 384 wrote to memory of 2296	384	68e0a73afe926a910fd522db0ce16a8c5163a6a23b1ebeb1a9b734607fdffa3d.exe	Unicorn-65173.exe
PID 384 wrote to memory of 2296	384	68e0a73afe926a910fd522db0ce16a8c5163a6a23b1ebeb1a9b734607fdffa3d.exe	Unicorn-65173.exe
PID 2296 wrote to memory of 2004	2296	Unicorn-65173.exe	WerFault.exe
PID 2296 wrote to memory of 2004	2296	Unicorn-65173.exe	WerFault.exe
PID 2296 wrote to memory of 2004	2296	Unicorn-65173.exe	WerFault.exe
PID 2296 wrote to memory of 2004	2296	Unicorn-65173.exe	WerFault.exe
PID 384 wrote to memory of 2596	384	68e0a73afe926a910fd522db0ce16a8c5163a6a23b1ebeb1a9b734607fdffa3d.exe	WerFault.exe
PID 384 wrote to memory of 2596	384	68e0a73afe926a910fd522db0ce16a8c5163a6a23b1ebeb1a9b734607fdffa3d.exe	WerFault.exe
PID 384 wrote to memory of 2596	384	68e0a73afe926a910fd522db0ce16a8c5163a6a23b1ebeb1a9b734607fdffa3d.exe	WerFault.exe
PID 384 wrote to memory of 2596	384	68e0a73afe926a910fd522db0ce16a8c5163a6a23b1ebeb1a9b734607fdffa3d.exe	WerFault.exe

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 384 -s 236
2⤵
- Program crash
PID:2596

\Users\Admin\AppData\Local\Temp\Unicorn-65173.exe

Filesize
184KB

MD5
31cdb6d7d5ca7c7c596c85769e9a0bf4

SHA1
8c2233513af32f339fb7bcf30093732b9840e554

SHA256
5d82cb5e7f23e7f1e3a4c91e1d8ffb831a39ab2ec362361ea73fb26039fa1ba4

SHA512
faf43adba63d143fb528a0e5e8e3fc79ecc58c257820cabfdcdc3f43eebbe2348cc9abcea82584b7c7d5345647b7ada7bf12e14b4c7bfa38b808637f03518233

Download Submit