abe781e1d213bb4af06df881094b750f6e52fab07b67be83a2e98f157660f312

General

Target

abe781e1d213bb4af06df881094b750f6e52fab07b67be83a2e98f157660f312.exe
Size

184KB
MD5

22a2c4a76ac6916bf64d255c22ed5392
SHA1

93b410b5d26c2f87912e9eaf740f100cf649751f
SHA256

abe781e1d213bb4af06df881094b750f6e52fab07b67be83a2e98f157660f312
SHA512

3c8b9555a8007f42235b41e692a95f0b10b9c635d2b6b9c70aa6c41aea2db26cdcc64094432006589090596e6c991a5816a50aab6a6cab529d7f8f4ebf64f38c
SSDEEP

3072:PcY3rMoT74BCdFaWeJ1LRKsRhl1ViF7n3:PcXoquFaBLYsRhl1ViF7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 43 IoCs

Processes:

Unicorn-38601.exeUnicorn-60708.exeUnicorn-43690.exeUnicorn-15335.exeUnicorn-25287.exeUnicorn-13595.exeUnicorn-6730.exeUnicorn-32634.exeUnicorn-31327.exeUnicorn-39633.exeUnicorn-15170.exeUnicorn-56629.exeUnicorn-48599.exeUnicorn-24329.exeUnicorn-29851.exeUnicorn-55946.exeUnicorn-17094.exeUnicorn-8378.exeUnicorn-49453.exeUnicorn-11726.exeUnicorn-35684.exeUnicorn-61683.exeUnicorn-52872.exeUnicorn-25626.exeUnicorn-35289.exeUnicorn-58862.exeUnicorn-19325.exeUnicorn-11582.exeUnicorn-39645.exeUnicorn-27435.exeUnicorn-15897.exeUnicorn-50749.exeUnicorn-5316.exeUnicorn-8853.exeUnicorn-47105.exeUnicorn-16421.exeUnicorn-57840.exeUnicorn-46206.exeUnicorn-34284.exeUnicorn-57076.exeUnicorn-23704.exeUnicorn-11589.exeUnicorn-65492.exe

pid	process
2072	Unicorn-38601.exe
2676	Unicorn-60708.exe
2784	Unicorn-43690.exe
2584	Unicorn-15335.exe
2352	Unicorn-25287.exe
1884	Unicorn-13595.exe
2392	Unicorn-6730.exe
2756	Unicorn-32634.exe
2412	Unicorn-31327.exe
2340	Unicorn-39633.exe
580	Unicorn-15170.exe
1712	Unicorn-56629.exe
2840	Unicorn-48599.exe
1316	Unicorn-24329.exe
1960	Unicorn-29851.exe
1984	Unicorn-55946.exe
2936	Unicorn-17094.exe
2644	Unicorn-8378.exe
2660	Unicorn-49453.exe
2088	Unicorn-11726.exe
2188	Unicorn-35684.exe
1188	Unicorn-61683.exe
2752	Unicorn-52872.exe
1596	Unicorn-25626.exe
1328	Unicorn-35289.exe
1936	Unicorn-58862.exe
1152	Unicorn-19325.exe
1156	Unicorn-11582.exe
1484	Unicorn-39645.exe
2092	Unicorn-27435.exe
1976	Unicorn-15897.exe
2472	Unicorn-50749.exe
2896	Unicorn-5316.exe
1472	Unicorn-8853.exe
1364	Unicorn-47105.exe
1108	Unicorn-16421.exe
1116	Unicorn-57840.exe
2984	Unicorn-46206.exe
2592	Unicorn-34284.exe
1216	Unicorn-57076.exe
872	Unicorn-23704.exe
924	Unicorn-11589.exe
1632	Unicorn-65492.exe

Loads dropped DLL 64 IoCs

Processes:

abe781e1d213bb4af06df881094b750f6e52fab07b67be83a2e98f157660f312.exeUnicorn-38601.exeWerFault.exeUnicorn-60708.exeWerFault.exeUnicorn-43690.exeWerFault.exeUnicorn-15335.exeWerFault.exeUnicorn-25287.exeWerFault.exeUnicorn-13595.exeWerFault.exeUnicorn-6730.exeWerFault.exeUnicorn-32634.exeWerFault.exeUnicorn-31327.exeWerFault.exe

pid	process
1932	abe781e1d213bb4af06df881094b750f6e52fab07b67be83a2e98f157660f312.exe
1932	abe781e1d213bb4af06df881094b750f6e52fab07b67be83a2e98f157660f312.exe
2072	Unicorn-38601.exe
2072	Unicorn-38601.exe
2588	WerFault.exe
2588	WerFault.exe
2588	WerFault.exe
2588	WerFault.exe
2588	WerFault.exe
2676	Unicorn-60708.exe
2676	Unicorn-60708.exe
2576	WerFault.exe
2576	WerFault.exe
2576	WerFault.exe
2576	WerFault.exe
2576	WerFault.exe
2784	Unicorn-43690.exe
2784	Unicorn-43690.exe
1996	WerFault.exe
1996	WerFault.exe
1996	WerFault.exe
1996	WerFault.exe
1996	WerFault.exe
2584	Unicorn-15335.exe
2584	Unicorn-15335.exe
1464	WerFault.exe
1464	WerFault.exe
1464	WerFault.exe
1464	WerFault.exe
1464	WerFault.exe
2352	Unicorn-25287.exe
2352	Unicorn-25287.exe
1580	WerFault.exe
1580	WerFault.exe
1580	WerFault.exe
1580	WerFault.exe
1580	WerFault.exe
1884	Unicorn-13595.exe
1884	Unicorn-13595.exe
1652	WerFault.exe
1652	WerFault.exe
1652	WerFault.exe
1652	WerFault.exe
1652	WerFault.exe
2392	Unicorn-6730.exe
2392	Unicorn-6730.exe
2908	WerFault.exe
2908	WerFault.exe
2908	WerFault.exe
2908	WerFault.exe
2908	WerFault.exe
2756	Unicorn-32634.exe
2756	Unicorn-32634.exe
2124	WerFault.exe
2124	WerFault.exe
2124	WerFault.exe
2124	WerFault.exe
2124	WerFault.exe
2412	Unicorn-31327.exe
2412	Unicorn-31327.exe
704	WerFault.exe
704	WerFault.exe
704	WerFault.exe
704	WerFault.exe

Program crash 44 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2132	1932	WerFault.exe	abe781e1d213bb4af06df881094b750f6e52fab07b67be83a2e98f157660f312.exe
2588	2072	WerFault.exe	Unicorn-38601.exe
2576	2676	WerFault.exe	Unicorn-60708.exe
1996	2784	WerFault.exe	Unicorn-43690.exe
1464	2584	WerFault.exe	Unicorn-15335.exe
1580	2352	WerFault.exe	Unicorn-25287.exe
1652	1884	WerFault.exe	Unicorn-13595.exe
2908	2392	WerFault.exe	Unicorn-6730.exe
2124	2756	WerFault.exe	Unicorn-32634.exe
704	2412	WerFault.exe	Unicorn-31327.exe
1788	2340	WerFault.exe	Unicorn-39633.exe
2008	580	WerFault.exe	Unicorn-15170.exe
768	1712	WerFault.exe	Unicorn-56629.exe
316	2840	WerFault.exe	Unicorn-48599.exe
1452	1316	WerFault.exe	Unicorn-24329.exe
892	1960	WerFault.exe	Unicorn-29851.exe
1956	1984	WerFault.exe	Unicorn-55946.exe
1492	2936	WerFault.exe	Unicorn-17094.exe
2968	2644	WerFault.exe	Unicorn-8378.exe
2636	2660	WerFault.exe	Unicorn-49453.exe
2480	2088	WerFault.exe	Unicorn-11726.exe
2524	2188	WerFault.exe	Unicorn-35684.exe
1236	1188	WerFault.exe	Unicorn-61683.exe
1896	2752	WerFault.exe	Unicorn-52872.exe
1700	1596	WerFault.exe	Unicorn-25626.exe
1876	1328	WerFault.exe	Unicorn-35289.exe
1424	1936	WerFault.exe	Unicorn-58862.exe
1512	1152	WerFault.exe	Unicorn-19325.exe
2804	1156	WerFault.exe	Unicorn-11582.exe
1548	1484	WerFault.exe	Unicorn-39645.exe
2172	2092	WerFault.exe	Unicorn-27435.exe
2508	1976	WerFault.exe	Unicorn-15897.exe
2056	2472	WerFault.exe	Unicorn-50749.exe
1612	2896	WerFault.exe	Unicorn-5316.exe
2104	1472	WerFault.exe	Unicorn-8853.exe
672	1364	WerFault.exe	Unicorn-47105.exe
1736	1108	WerFault.exe	Unicorn-16421.exe
2204	1116	WerFault.exe	Unicorn-57840.exe
2652	2984	WerFault.exe	Unicorn-46206.exe
608	2592	WerFault.exe	Unicorn-34284.exe
2388	1216	WerFault.exe	Unicorn-57076.exe
992	872	WerFault.exe	Unicorn-23704.exe
2128	924	WerFault.exe	Unicorn-11589.exe
2928	1632	WerFault.exe	Unicorn-65492.exe

Suspicious use of SetWindowsHookEx 44 IoCs

Processes:

abe781e1d213bb4af06df881094b750f6e52fab07b67be83a2e98f157660f312.exeUnicorn-38601.exeUnicorn-60708.exeUnicorn-43690.exeUnicorn-15335.exeUnicorn-25287.exeUnicorn-13595.exeUnicorn-6730.exeUnicorn-32634.exeUnicorn-31327.exeUnicorn-39633.exeUnicorn-15170.exeUnicorn-56629.exeUnicorn-48599.exeUnicorn-24329.exeUnicorn-29851.exeUnicorn-55946.exeUnicorn-17094.exeUnicorn-8378.exeUnicorn-49453.exeUnicorn-11726.exeUnicorn-35684.exeUnicorn-61683.exeUnicorn-52872.exeUnicorn-25626.exeUnicorn-35289.exeUnicorn-58862.exeUnicorn-19325.exeUnicorn-11582.exeUnicorn-39645.exeUnicorn-27435.exeUnicorn-15897.exeUnicorn-50749.exeUnicorn-5316.exeUnicorn-8853.exeUnicorn-47105.exeUnicorn-16421.exeUnicorn-57840.exeUnicorn-46206.exeUnicorn-34284.exeUnicorn-57076.exeUnicorn-23704.exeUnicorn-11589.exeUnicorn-65492.exe

pid	process
1932	abe781e1d213bb4af06df881094b750f6e52fab07b67be83a2e98f157660f312.exe
2072	Unicorn-38601.exe
2676	Unicorn-60708.exe
2784	Unicorn-43690.exe
2584	Unicorn-15335.exe
2352	Unicorn-25287.exe
1884	Unicorn-13595.exe
2392	Unicorn-6730.exe
2756	Unicorn-32634.exe
2412	Unicorn-31327.exe
2340	Unicorn-39633.exe
580	Unicorn-15170.exe
1712	Unicorn-56629.exe
2840	Unicorn-48599.exe
1316	Unicorn-24329.exe
1960	Unicorn-29851.exe
1984	Unicorn-55946.exe
2936	Unicorn-17094.exe
2644	Unicorn-8378.exe
2660	Unicorn-49453.exe
2088	Unicorn-11726.exe
2188	Unicorn-35684.exe
1188	Unicorn-61683.exe
2752	Unicorn-52872.exe
1596	Unicorn-25626.exe
1328	Unicorn-35289.exe
1936	Unicorn-58862.exe
1152	Unicorn-19325.exe
1156	Unicorn-11582.exe
1484	Unicorn-39645.exe
2092	Unicorn-27435.exe
1976	Unicorn-15897.exe
2472	Unicorn-50749.exe
2896	Unicorn-5316.exe
1472	Unicorn-8853.exe
1364	Unicorn-47105.exe
1108	Unicorn-16421.exe
1116	Unicorn-57840.exe
2984	Unicorn-46206.exe
2592	Unicorn-34284.exe
1216	Unicorn-57076.exe
872	Unicorn-23704.exe
924	Unicorn-11589.exe
1632	Unicorn-65492.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

abe781e1d213bb4af06df881094b750f6e52fab07b67be83a2e98f157660f312.exeUnicorn-38601.exeUnicorn-60708.exeUnicorn-43690.exeUnicorn-15335.exeUnicorn-25287.exeUnicorn-13595.exeUnicorn-6730.exe

description	pid	process	target process
PID 1932 wrote to memory of 2072	1932	abe781e1d213bb4af06df881094b750f6e52fab07b67be83a2e98f157660f312.exe	Unicorn-38601.exe
PID 1932 wrote to memory of 2072	1932	abe781e1d213bb4af06df881094b750f6e52fab07b67be83a2e98f157660f312.exe	Unicorn-38601.exe
PID 1932 wrote to memory of 2072	1932	abe781e1d213bb4af06df881094b750f6e52fab07b67be83a2e98f157660f312.exe	Unicorn-38601.exe
PID 1932 wrote to memory of 2072	1932	abe781e1d213bb4af06df881094b750f6e52fab07b67be83a2e98f157660f312.exe	Unicorn-38601.exe
PID 1932 wrote to memory of 2132	1932	abe781e1d213bb4af06df881094b750f6e52fab07b67be83a2e98f157660f312.exe	WerFault.exe
PID 1932 wrote to memory of 2132	1932	abe781e1d213bb4af06df881094b750f6e52fab07b67be83a2e98f157660f312.exe	WerFault.exe
PID 1932 wrote to memory of 2132	1932	abe781e1d213bb4af06df881094b750f6e52fab07b67be83a2e98f157660f312.exe	WerFault.exe
PID 1932 wrote to memory of 2132	1932	abe781e1d213bb4af06df881094b750f6e52fab07b67be83a2e98f157660f312.exe	WerFault.exe
PID 2072 wrote to memory of 2676	2072	Unicorn-38601.exe	Unicorn-60708.exe
PID 2072 wrote to memory of 2676	2072	Unicorn-38601.exe	Unicorn-60708.exe
PID 2072 wrote to memory of 2676	2072	Unicorn-38601.exe	Unicorn-60708.exe
PID 2072 wrote to memory of 2676	2072	Unicorn-38601.exe	Unicorn-60708.exe
PID 2072 wrote to memory of 2588	2072	Unicorn-38601.exe	WerFault.exe
PID 2072 wrote to memory of 2588	2072	Unicorn-38601.exe	WerFault.exe
PID 2072 wrote to memory of 2588	2072	Unicorn-38601.exe	WerFault.exe
PID 2072 wrote to memory of 2588	2072	Unicorn-38601.exe	WerFault.exe
PID 2676 wrote to memory of 2784	2676	Unicorn-60708.exe	Unicorn-43690.exe
PID 2676 wrote to memory of 2784	2676	Unicorn-60708.exe	Unicorn-43690.exe
PID 2676 wrote to memory of 2784	2676	Unicorn-60708.exe	Unicorn-43690.exe
PID 2676 wrote to memory of 2784	2676	Unicorn-60708.exe	Unicorn-43690.exe
PID 2676 wrote to memory of 2576	2676	Unicorn-60708.exe	WerFault.exe
PID 2676 wrote to memory of 2576	2676	Unicorn-60708.exe	WerFault.exe
PID 2676 wrote to memory of 2576	2676	Unicorn-60708.exe	WerFault.exe
PID 2676 wrote to memory of 2576	2676	Unicorn-60708.exe	WerFault.exe
PID 2784 wrote to memory of 2584	2784	Unicorn-43690.exe	Unicorn-15335.exe
PID 2784 wrote to memory of 2584	2784	Unicorn-43690.exe	Unicorn-15335.exe
PID 2784 wrote to memory of 2584	2784	Unicorn-43690.exe	Unicorn-15335.exe
PID 2784 wrote to memory of 2584	2784	Unicorn-43690.exe	Unicorn-15335.exe
PID 2784 wrote to memory of 1996	2784	Unicorn-43690.exe	WerFault.exe
PID 2784 wrote to memory of 1996	2784	Unicorn-43690.exe	WerFault.exe
PID 2784 wrote to memory of 1996	2784	Unicorn-43690.exe	WerFault.exe
PID 2784 wrote to memory of 1996	2784	Unicorn-43690.exe	WerFault.exe
PID 2584 wrote to memory of 2352	2584	Unicorn-15335.exe	Unicorn-25287.exe
PID 2584 wrote to memory of 2352	2584	Unicorn-15335.exe	Unicorn-25287.exe
PID 2584 wrote to memory of 2352	2584	Unicorn-15335.exe	Unicorn-25287.exe
PID 2584 wrote to memory of 2352	2584	Unicorn-15335.exe	Unicorn-25287.exe
PID 2584 wrote to memory of 1464	2584	Unicorn-15335.exe	WerFault.exe
PID 2584 wrote to memory of 1464	2584	Unicorn-15335.exe	WerFault.exe
PID 2584 wrote to memory of 1464	2584	Unicorn-15335.exe	WerFault.exe
PID 2584 wrote to memory of 1464	2584	Unicorn-15335.exe	WerFault.exe
PID 2352 wrote to memory of 1884	2352	Unicorn-25287.exe	Unicorn-13595.exe
PID 2352 wrote to memory of 1884	2352	Unicorn-25287.exe	Unicorn-13595.exe
PID 2352 wrote to memory of 1884	2352	Unicorn-25287.exe	Unicorn-13595.exe
PID 2352 wrote to memory of 1884	2352	Unicorn-25287.exe	Unicorn-13595.exe
PID 2352 wrote to memory of 1580	2352	Unicorn-25287.exe	WerFault.exe
PID 2352 wrote to memory of 1580	2352	Unicorn-25287.exe	WerFault.exe
PID 2352 wrote to memory of 1580	2352	Unicorn-25287.exe	WerFault.exe
PID 2352 wrote to memory of 1580	2352	Unicorn-25287.exe	WerFault.exe
PID 1884 wrote to memory of 2392	1884	Unicorn-13595.exe	Unicorn-6730.exe
PID 1884 wrote to memory of 2392	1884	Unicorn-13595.exe	Unicorn-6730.exe
PID 1884 wrote to memory of 2392	1884	Unicorn-13595.exe	Unicorn-6730.exe
PID 1884 wrote to memory of 2392	1884	Unicorn-13595.exe	Unicorn-6730.exe
PID 1884 wrote to memory of 1652	1884	Unicorn-13595.exe	WerFault.exe
PID 1884 wrote to memory of 1652	1884	Unicorn-13595.exe	WerFault.exe
PID 1884 wrote to memory of 1652	1884	Unicorn-13595.exe	WerFault.exe
PID 1884 wrote to memory of 1652	1884	Unicorn-13595.exe	WerFault.exe
PID 2392 wrote to memory of 2756	2392	Unicorn-6730.exe	Unicorn-32634.exe
PID 2392 wrote to memory of 2756	2392	Unicorn-6730.exe	Unicorn-32634.exe
PID 2392 wrote to memory of 2756	2392	Unicorn-6730.exe	Unicorn-32634.exe
PID 2392 wrote to memory of 2756	2392	Unicorn-6730.exe	Unicorn-32634.exe
PID 2392 wrote to memory of 2908	2392	Unicorn-6730.exe	WerFault.exe
PID 2392 wrote to memory of 2908	2392	Unicorn-6730.exe	WerFault.exe
PID 2392 wrote to memory of 2908	2392	Unicorn-6730.exe	WerFault.exe
PID 2392 wrote to memory of 2908	2392	Unicorn-6730.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\abe781e1d213bb4af06df881094b750f6e52fab07b67be83a2e98f157660f312.exe
"C:\Users\Admin\AppData\Local\Temp\abe781e1d213bb4af06df881094b750f6e52fab07b67be83a2e98f157660f312.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-38601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38601.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-60708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60708.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-43690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43690.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-15335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15335.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-25287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25287.exe
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-13595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13595.exe
7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1884

C:\Users\Admin\AppData\Local\Temp\Unicorn-6730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6730.exe
8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-32634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32634.exe
9⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-31327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31327.exe
10⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-39633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39633.exe
11⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-15170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15170.exe
12⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-56629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56629.exe
13⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-48599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48599.exe
14⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-24329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24329.exe
15⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1316

C:\Users\Admin\AppData\Local\Temp\Unicorn-29851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29851.exe
16⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-55946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55946.exe
17⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-17094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17094.exe
18⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-8378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8378.exe
19⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-49453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49453.exe
20⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-11726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11726.exe
21⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-35684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35684.exe
22⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-61683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61683.exe
23⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1188

C:\Users\Admin\AppData\Local\Temp\Unicorn-52872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52872.exe
24⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-25626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25626.exe
25⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe
26⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1328

C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
27⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-19325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19325.exe
28⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1152

C:\Users\Admin\AppData\Local\Temp\Unicorn-11582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11582.exe
29⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1156

C:\Users\Admin\AppData\Local\Temp\Unicorn-39645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39645.exe
30⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-27435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27435.exe
31⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-15897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15897.exe
32⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
33⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-5316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5316.exe
34⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-8853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8853.exe
35⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1472

C:\Users\Admin\AppData\Local\Temp\Unicorn-47105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47105.exe
36⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1364

C:\Users\Admin\AppData\Local\Temp\Unicorn-16421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16421.exe
37⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1108

C:\Users\Admin\AppData\Local\Temp\Unicorn-57840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57840.exe
38⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1116

C:\Users\Admin\AppData\Local\Temp\Unicorn-46206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46206.exe
39⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
40⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-57076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57076.exe
41⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1216

C:\Users\Admin\AppData\Local\Temp\Unicorn-23704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23704.exe
42⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:872

C:\Users\Admin\AppData\Local\Temp\Unicorn-11589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11589.exe
43⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:924

C:\Users\Admin\AppData\Local\Temp\Unicorn-65492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65492.exe
44⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 240
45⤵
- Program crash
PID:2928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 236
44⤵
- Program crash
PID:2128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 236
43⤵
- Program crash
PID:992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 236
42⤵
- Program crash
PID:2388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 236
41⤵
- Program crash
PID:608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 236
40⤵
- Program crash
PID:2652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 236
39⤵
- Program crash
PID:2204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 236
38⤵
- Program crash
PID:1736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 236
37⤵
- Program crash
PID:672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 236
36⤵
- Program crash
PID:2104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 236
35⤵
- Program crash
PID:1612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 236
34⤵
- Program crash
PID:2056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 236
33⤵
- Program crash
PID:2508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 236
32⤵
- Program crash
PID:2172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 236
31⤵
- Program crash
PID:1548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 236
30⤵
- Program crash
PID:2804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 236
29⤵
- Program crash
PID:1512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 236
28⤵
- Program crash
PID:1424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 236
27⤵
- Program crash
PID:1876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 236
26⤵
- Program crash
PID:1700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 236
25⤵
- Program crash
PID:1896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 236
24⤵
- Program crash
PID:1236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 236
23⤵
- Program crash
PID:2524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 236
22⤵
- Program crash
PID:2480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 236
21⤵
- Program crash
PID:2636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 236
20⤵
- Program crash
PID:2968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 236
19⤵
- Program crash
PID:1492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 236
18⤵
- Program crash
PID:1956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 236
17⤵
- Program crash
PID:892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 236
16⤵
- Program crash
PID:1452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
15⤵
- Program crash
PID:316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 236
14⤵
- Program crash
PID:768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 236
13⤵
- Program crash
PID:2008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 236
12⤵
- Program crash
PID:1788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 236
11⤵
- Loads dropped DLL
- Program crash
PID:704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 236
10⤵
- Loads dropped DLL
- Program crash
PID:2124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 236
9⤵
- Loads dropped DLL
- Program crash
PID:2908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 236
8⤵
- Loads dropped DLL
- Program crash
PID:1652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 236
7⤵
- Loads dropped DLL
- Program crash
PID:1580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
6⤵
- Loads dropped DLL
- Program crash
PID:1464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
5⤵
- Loads dropped DLL
- Program crash
PID:1996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 236
4⤵
- Loads dropped DLL
- Program crash
PID:2576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 236
3⤵
- Loads dropped DLL
- Program crash
PID:2588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 236
2⤵
- Program crash
PID:2132

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-60708.exe
Filesize
184KB

MD5
37ea32d11029342d6e676b6d0afbbb3f

SHA1
120da11c2ce6df21077aa14f90613d70209720a2

SHA256
57efced912c9f8cc548109ff5c7633aef6824b3bb1125606d317e5dabef2c2be

SHA512
17a23dca7d0017e3c901524978518a5f1bd832d9e2832e94d3ff97ac8936a8ef74c62ab5b14b28f4e0a2406cfebcc2b8fa98c6601cc8eb2716e0072cb6c18cd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6730.exe
Filesize
184KB

MD5
9ecc6088184b483fbe81ae15d42a0ef8

SHA1
2ce2dc1342101b6a8a8a2bd18f37ff3708db56ca

SHA256
0591184200193f32b265179752d117ab8a8c815a6096670ad1a5b9d0f1bba040

SHA512
ac98438dcbed7e378c5b21ac863f787f2982d130062ebee828d04400821ee250e5d2b408dba918a22f3227dd8f4f227f8a837c8c8ab63766604f46c447ab9232

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13595.exe
Filesize
184KB

MD5
03f397bcde9b725a5ed0836988d7b608

SHA1
d7768bf1e7d8147f1e08a614be9b0b0a827db3cb

SHA256
ab6ea160727cd12b138c390c2a57999118e967df7a07179784c268ed07417be2

SHA512
c8f27748db52671775e931f99b27b6b9cf9d592c560f479174f4431d0d41be6d2386a96df4f4becdb923392d37bcb3cc210a135296f3c62028f4f9ab20700068

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15335.exe
Filesize
184KB

MD5
e60a47413c8b7de544f4197127e2ecde

SHA1
cd2975f89d88c25e4e716ba070a0287ed2fb34e3

SHA256
a0732a7597546621d6a9e5d8ed8154a2ec2e29d892bae907b76670ef5b8fa63f

SHA512
0df78e3ef54f2b0fcbf4ba85a0d721435eda77ac65b82eaf970a28235d709778167e5892a9c4a5b9547327773cf4a994486c06b6d0b7b4d5c37c287061c461f3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25287.exe
Filesize
184KB

MD5
a6e3a012675383d2bd02a658c5cc6bbe

SHA1
1301b0aa37c5536ed3c7f2052524c4d01426bf81

SHA256
466c9594e534a30cc19440b0f2ffe0a635f7cb5e07e5653412c729c53bc14012

SHA512
83736d38c08b19fb6ab71a4bcd091dcbc85cc0adcc8bf876b11e59a58184f2ca7f1072e68facacadc41bd1bd62c91d56641dd46d4ef5f5ae57405c4f84613aea

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32634.exe
Filesize
184KB

MD5
3072a8c4baa1374fe9acc87f8fdd73f8

SHA1
36306f7b13357224271d411aa78b8cd6be35cacf

SHA256
875deec71327f47590f8365bd7a82878ce0d20aa400fe725ccc0bc72dfeaeffe

SHA512
a869182313077650abcfd999e6aeacd8378a9ba84597a7fba33bb3f329a715f64b9a07a11f6f2ad22e19b8f07fbd802cba90e6014fe2042485ebd9b8831250f2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38601.exe
Filesize
184KB

MD5
612145c1cd295c476b3900bedad5f365

SHA1
c67af869e7e95a7838001aabf2c378459625320a

SHA256
4f54943656978a44b2493dceb478cb780f5aec93b5c0b2c5a8afa4a5bb8660ee

SHA512
06f02e185b46f61419f986ec0c6bf5bad8e57b060a01b3c7bfaf4463ba2eb7d9b88b02807bd84799c58ba1691f3edbe61ca172a035b1eff623a58197260e377e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43690.exe
Filesize
184KB

MD5
efe77887f8f9552f94121f950b69e0d1

SHA1
35bb16ca287530fbfc2fd22247015d7c4f03c8b3

SHA256
673efe18c4d3e1882ba1cde157b7d433f8bfb7492fe9ced8cce75ab140858e03

SHA512
e0bbd64b62c57e2311eba562a564b4c23c4592dae1ca48ac8498dbfc50b8d3e8c32d195313e44cc3475b156bb89b9f546ca09346fe6f30e1da9b24c34acbcf43

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads