9869da10cc14030b61a485e445e379650bdae830103311bf0415353f1ab6935a

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:55

Target

9869da10cc14030b61a485e445e379650bdae830103311bf0415353f1ab6935a.exe
Size

184KB
MD5

6f4beba5ee505c1fae0d5b94f4e85a31
SHA1

1f78cd287a282fecb6f11693e0400de9ce858ef1
SHA256

9869da10cc14030b61a485e445e379650bdae830103311bf0415353f1ab6935a
SHA512

43632f928021261d76661ed36caa18e45d229198c513784fe6fb0331ffee3654f190a11e6b713d48cdcea2ad9411213f27fd550fc81cf48b563283b1a72d44b4
SSDEEP

1536:zBSJ6jZlu3kxotx11/OAlawMG29yvZc86mddjwLR2VzetWhl5hj5nizpvx:l3a3kxoTj/OTdG4We8wLRKsWhlnViFZ

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

Unicorn-64420.exe

pid process

2432 Unicorn-64420.exe

pid	process
2432	Unicorn-64420.exe

Loads dropped DLL 7 IoCs

Processes:

9869da10cc14030b61a485e445e379650bdae830103311bf0415353f1ab6935a.exeWerFault.exe

Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid	pid_target	process	target process
2440	2432	WerFault.exe	Unicorn-64420.exe
2604	1664	WerFault.exe	9869da10cc14030b61a485e445e379650bdae830103311bf0415353f1ab6935a.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

9869da10cc14030b61a485e445e379650bdae830103311bf0415353f1ab6935a.exeUnicorn-64420.exe

pid process

1664 9869da10cc14030b61a485e445e379650bdae830103311bf0415353f1ab6935a.exe
2432 Unicorn-64420.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

9869da10cc14030b61a485e445e379650bdae830103311bf0415353f1ab6935a.exeUnicorn-64420.exe

description	pid	process	target process
PID 1664 wrote to memory of 2432	1664	9869da10cc14030b61a485e445e379650bdae830103311bf0415353f1ab6935a.exe	Unicorn-64420.exe
PID 1664 wrote to memory of 2432	1664	9869da10cc14030b61a485e445e379650bdae830103311bf0415353f1ab6935a.exe	Unicorn-64420.exe
PID 1664 wrote to memory of 2432	1664	9869da10cc14030b61a485e445e379650bdae830103311bf0415353f1ab6935a.exe	Unicorn-64420.exe
PID 1664 wrote to memory of 2432	1664	9869da10cc14030b61a485e445e379650bdae830103311bf0415353f1ab6935a.exe	Unicorn-64420.exe
PID 2432 wrote to memory of 2440	2432	Unicorn-64420.exe	WerFault.exe
PID 2432 wrote to memory of 2440	2432	Unicorn-64420.exe	WerFault.exe
PID 2432 wrote to memory of 2440	2432	Unicorn-64420.exe	WerFault.exe
PID 2432 wrote to memory of 2440	2432	Unicorn-64420.exe	WerFault.exe
PID 1664 wrote to memory of 2604	1664	9869da10cc14030b61a485e445e379650bdae830103311bf0415353f1ab6935a.exe	WerFault.exe
PID 1664 wrote to memory of 2604	1664	9869da10cc14030b61a485e445e379650bdae830103311bf0415353f1ab6935a.exe	WerFault.exe
PID 1664 wrote to memory of 2604	1664	9869da10cc14030b61a485e445e379650bdae830103311bf0415353f1ab6935a.exe	WerFault.exe
PID 1664 wrote to memory of 2604	1664	9869da10cc14030b61a485e445e379650bdae830103311bf0415353f1ab6935a.exe	WerFault.exe

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 236
2⤵
- Program crash
PID:2604

\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
Filesize
184KB

MD5
e6f66b3d3180fb93c312446b39791d65

SHA1
7d8f95161cd9d7453f7d45017d6c27f03c107311

SHA256
7475aa2fe044cebb348d92b213305159a6144d1a326df71c3037283dcfd11279

SHA512
8bf387a465fc07c580f448eebc985fad8e4260b3b1ed14efbcb5b7805a6fd0b3ea83744cecb8008ffce62d1d825325080d418c9db50f23e932db1c4e2c2d8299

Download Submit