89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9

Analysis

max time kernel
134s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 00:04

Target

89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exe
Size

184KB
MD5

c611509cb541fc26d89c9ac8fa25a3d5
SHA1

33164fb1c86295f15f30574b75293164dbcd78de
SHA256

89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9
SHA512

cb8e6644f5334b7b15c48f5c03f91ece6b7719014fad1b236bdfd8a818cb44c8655fbb6c30bdd922807b11a1984640c8c517bfcab5823fe3009d4abcb69e4938
SSDEEP

3072:cTa3AioTvJOTjG4WeHwLREPUhl/ViF7n3:cTQo8HG4WLePUhl/ViF7

Score

7^/10

Executes dropped EXE 2 IoCs

Processes:

Unicorn-64526.exeUnicorn-33974.exe

pid process

3048 Unicorn-64526.exe
3384 Unicorn-33974.exe

pid	process
3048	Unicorn-64526.exe
3384	Unicorn-33974.exe

Program crash 3 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
4672	3048	WerFault.exe	Unicorn-64526.exe
2504	920	WerFault.exe	89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exe
4916	3384	WerFault.exe	Unicorn-33974.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exeUnicorn-64526.exeUnicorn-33974.exe

pid process

920 89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exe
3048 Unicorn-64526.exe
3384 Unicorn-33974.exe

pid	process
920	89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exe
3048	Unicorn-64526.exe
3384	Unicorn-33974.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exe

description	pid	process	target process
PID 920 wrote to memory of 3048	920	89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exe	Unicorn-64526.exe
PID 920 wrote to memory of 3048	920	89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exe	Unicorn-64526.exe
PID 920 wrote to memory of 3048	920	89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exe	Unicorn-64526.exe
PID 920 wrote to memory of 3384	920	89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exe	Unicorn-33974.exe
PID 920 wrote to memory of 3384	920	89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exe	Unicorn-33974.exe
PID 920 wrote to memory of 3384	920	89a5195dd16f39d1dbc1d8e766b84726294d349e33f850ed27a7fd4fe9b5ebf9.exe	Unicorn-33974.exe

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 492
3⤵
- Program crash
PID:4672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 720
3⤵
- Program crash
PID:4916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 728
2⤵
- Program crash
PID:2504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3048 -ip 3048
1⤵
PID:4432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 920 -ip 920
1⤵
PID:2944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3384 -ip 3384
1⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-33974.exe
Filesize
184KB

MD5
e1d72d7762d2a05b99472511d5d2d68e

SHA1
4b0eed3b9194c0b8a77e86323b559704ae48495d

SHA256
43eaaed5dd733ddfc4426247856bdfb3e1e6497f6728c7dee32b8e1499cefde0

SHA512
7bbc5255c712473d9c679047936d428709671c5723f6b999aabc1a32b00973fe796a0f736b3e67485c5e4ab8447f4a245afef5489f1213dea560b2de15ec38d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64526.exe
Filesize
184KB

MD5
72759052bbcd7e180afc57b3ec6d8fe0

SHA1
9d8a1598b115bc49dad3a10824350625a5b9dd1d

SHA256
b7a67c41d5004100e81322224bb82228ee4accb7c57da36313bc54f2d98a4919

SHA512
83bc42e7c614bf32cfe08bbfb953274963f6b6c55b5bd01682b979699e341c51a9a10b21f60a2c14ca44e73b671686b602ea53a426dc37ce8009deef4a4feca6

Download Submit