9a988e7dd645e68b2caa7cb66552d1dbb28f33523db7914b8eb4691dd5071ce2

General

Target

9a988e7dd645e68b2caa7cb66552d1dbb28f33523db7914b8eb4691dd5071ce2.exe
Size

184KB
MD5

0dcd9acede78ae33f7882fd283bb37b0
SHA1

804c08c883bc0ff1a566e2e07b4732e2e52f6ce4
SHA256

9a988e7dd645e68b2caa7cb66552d1dbb28f33523db7914b8eb4691dd5071ce2
SHA512

777659ad257e3bcf69e89b3ae15c686cd6629f890d98f3b994dcccb369ed2db1ada051518de0e9aa932716c4cc1fadf114787dc6ab9274bf02b8ce89015c63b6
SSDEEP

3072:L3r3r8oTq4h1dFaWePHLRKsyhlLRiFon3:L3MoHTFaNLYsyhlLRiFo

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 25 IoCs

Processes:

Unicorn-40566.exeUnicorn-29693.exeUnicorn-43399.exeUnicorn-35961.exeUnicorn-7298.exeUnicorn-46980.exeUnicorn-53128.exeUnicorn-8697.exeUnicorn-43143.exeUnicorn-44226.exeUnicorn-19020.exeUnicorn-37892.exeUnicorn-26056.exeUnicorn-6033.exeUnicorn-12373.exeUnicorn-34650.exeUnicorn-27477.exeUnicorn-9688.exeUnicorn-33444.exeUnicorn-39078.exeUnicorn-54437.exeUnicorn-13213.exeUnicorn-6626.exeUnicorn-24726.exeUnicorn-64018.exe

pid	process
2884	Unicorn-40566.exe
2572	Unicorn-29693.exe
2676	Unicorn-43399.exe
2820	Unicorn-35961.exe
844	Unicorn-7298.exe
1580	Unicorn-46980.exe
1216	Unicorn-53128.exe
1356	Unicorn-8697.exe
1208	Unicorn-43143.exe
2732	Unicorn-44226.exe
3052	Unicorn-19020.exe
1540	Unicorn-37892.exe
3036	Unicorn-26056.exe
1968	Unicorn-6033.exe
2264	Unicorn-12373.exe
2856	Unicorn-34650.exe
2544	Unicorn-27477.exe
2516	Unicorn-9688.exe
2400	Unicorn-33444.exe
2484	Unicorn-39078.exe
1028	Unicorn-54437.exe
1316	Unicorn-13213.exe
1764	Unicorn-6626.exe
1520	Unicorn-24726.exe
2724	Unicorn-64018.exe

Loads dropped DLL 64 IoCs

Processes:

9a988e7dd645e68b2caa7cb66552d1dbb28f33523db7914b8eb4691dd5071ce2.exeUnicorn-40566.exeWerFault.exeUnicorn-29693.exeWerFault.exeUnicorn-43399.exeWerFault.exeUnicorn-35961.exeWerFault.exeUnicorn-7298.exeWerFault.exeUnicorn-46980.exeWerFault.exe

pid	process
2648	9a988e7dd645e68b2caa7cb66552d1dbb28f33523db7914b8eb4691dd5071ce2.exe
2648	9a988e7dd645e68b2caa7cb66552d1dbb28f33523db7914b8eb4691dd5071ce2.exe
2884	Unicorn-40566.exe
2884	Unicorn-40566.exe
2504	WerFault.exe
2504	WerFault.exe
2504	WerFault.exe
2504	WerFault.exe
2504	WerFault.exe
2504	WerFault.exe
2504	WerFault.exe
2504	WerFault.exe
2504	WerFault.exe
2572	Unicorn-29693.exe
2572	Unicorn-29693.exe
2532	WerFault.exe
2532	WerFault.exe
2532	WerFault.exe
2532	WerFault.exe
2532	WerFault.exe
2532	WerFault.exe
2532	WerFault.exe
2532	WerFault.exe
2532	WerFault.exe
2676	Unicorn-43399.exe
2676	Unicorn-43399.exe
588	WerFault.exe
588	WerFault.exe
588	WerFault.exe
588	WerFault.exe
588	WerFault.exe
588	WerFault.exe
588	WerFault.exe
588	WerFault.exe
588	WerFault.exe
2820	Unicorn-35961.exe
2820	Unicorn-35961.exe
1632	WerFault.exe
1632	WerFault.exe
1632	WerFault.exe
1632	WerFault.exe
1632	WerFault.exe
1632	WerFault.exe
1632	WerFault.exe
1632	WerFault.exe
1632	WerFault.exe
844	Unicorn-7298.exe
844	Unicorn-7298.exe
1756	WerFault.exe
1756	WerFault.exe
1756	WerFault.exe
1756	WerFault.exe
1756	WerFault.exe
1756	WerFault.exe
1756	WerFault.exe
1756	WerFault.exe
1756	WerFault.exe
1580	Unicorn-46980.exe
1580	Unicorn-46980.exe
1668	WerFault.exe
1668	WerFault.exe
1668	WerFault.exe
1668	WerFault.exe
1668	WerFault.exe

Program crash 25 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2828	2648	WerFault.exe	9a988e7dd645e68b2caa7cb66552d1dbb28f33523db7914b8eb4691dd5071ce2.exe
2504	2884	WerFault.exe	Unicorn-40566.exe
2532	2572	WerFault.exe	Unicorn-29693.exe
588	2676	WerFault.exe	Unicorn-43399.exe
1632	2820	WerFault.exe	Unicorn-35961.exe
1756	844	WerFault.exe	Unicorn-7298.exe
1668	1580	WerFault.exe	Unicorn-46980.exe
936	1216	WerFault.exe	Unicorn-53128.exe
584	1356	WerFault.exe	Unicorn-8697.exe
2888	1208	WerFault.exe	Unicorn-43143.exe
1964	2732	WerFault.exe	Unicorn-44226.exe
1084	3052	WerFault.exe	Unicorn-19020.exe
1160	1540	WerFault.exe	Unicorn-37892.exe
2032	3036	WerFault.exe	Unicorn-26056.exe
880	1968	WerFault.exe	Unicorn-6033.exe
1592	2264	WerFault.exe	Unicorn-12373.exe
2296	2856	WerFault.exe	Unicorn-34650.exe
2704	2544	WerFault.exe	Unicorn-27477.exe
2408	2516	WerFault.exe	Unicorn-9688.exe
2968	2400	WerFault.exe	Unicorn-33444.exe
2140	2484	WerFault.exe	Unicorn-39078.exe
2680	1028	WerFault.exe	Unicorn-54437.exe
1912	1316	WerFault.exe	Unicorn-13213.exe
2456	1764	WerFault.exe	Unicorn-6626.exe
1936	1520	WerFault.exe	Unicorn-24726.exe

Suspicious use of SetWindowsHookEx 26 IoCs

Processes:

9a988e7dd645e68b2caa7cb66552d1dbb28f33523db7914b8eb4691dd5071ce2.exeUnicorn-40566.exeUnicorn-29693.exeUnicorn-43399.exeUnicorn-35961.exeUnicorn-7298.exeUnicorn-46980.exeUnicorn-53128.exeUnicorn-8697.exeUnicorn-43143.exeUnicorn-44226.exeUnicorn-19020.exeUnicorn-37892.exeUnicorn-26056.exeUnicorn-6033.exeUnicorn-12373.exeUnicorn-34650.exeUnicorn-27477.exeUnicorn-9688.exeUnicorn-33444.exeUnicorn-39078.exeUnicorn-54437.exeUnicorn-13213.exeUnicorn-6626.exeUnicorn-24726.exeUnicorn-64018.exe

pid	process
2648	9a988e7dd645e68b2caa7cb66552d1dbb28f33523db7914b8eb4691dd5071ce2.exe
2884	Unicorn-40566.exe
2572	Unicorn-29693.exe
2676	Unicorn-43399.exe
2820	Unicorn-35961.exe
844	Unicorn-7298.exe
1580	Unicorn-46980.exe
1216	Unicorn-53128.exe
1356	Unicorn-8697.exe
1208	Unicorn-43143.exe
2732	Unicorn-44226.exe
3052	Unicorn-19020.exe
1540	Unicorn-37892.exe
3036	Unicorn-26056.exe
1968	Unicorn-6033.exe
2264	Unicorn-12373.exe
2856	Unicorn-34650.exe
2544	Unicorn-27477.exe
2516	Unicorn-9688.exe
2400	Unicorn-33444.exe
2484	Unicorn-39078.exe
1028	Unicorn-54437.exe
1316	Unicorn-13213.exe
1764	Unicorn-6626.exe
1520	Unicorn-24726.exe
2724	Unicorn-64018.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

9a988e7dd645e68b2caa7cb66552d1dbb28f33523db7914b8eb4691dd5071ce2.exeUnicorn-40566.exeUnicorn-29693.exeUnicorn-43399.exeUnicorn-35961.exeUnicorn-7298.exeUnicorn-46980.exeUnicorn-53128.exe

description	pid	process	target process
PID 2648 wrote to memory of 2884	2648	9a988e7dd645e68b2caa7cb66552d1dbb28f33523db7914b8eb4691dd5071ce2.exe	Unicorn-40566.exe
PID 2648 wrote to memory of 2884	2648	9a988e7dd645e68b2caa7cb66552d1dbb28f33523db7914b8eb4691dd5071ce2.exe	Unicorn-40566.exe
PID 2648 wrote to memory of 2884	2648	9a988e7dd645e68b2caa7cb66552d1dbb28f33523db7914b8eb4691dd5071ce2.exe	Unicorn-40566.exe
PID 2648 wrote to memory of 2884	2648	9a988e7dd645e68b2caa7cb66552d1dbb28f33523db7914b8eb4691dd5071ce2.exe	Unicorn-40566.exe
PID 2648 wrote to memory of 2828	2648	9a988e7dd645e68b2caa7cb66552d1dbb28f33523db7914b8eb4691dd5071ce2.exe	WerFault.exe
PID 2648 wrote to memory of 2828	2648	9a988e7dd645e68b2caa7cb66552d1dbb28f33523db7914b8eb4691dd5071ce2.exe	WerFault.exe
PID 2648 wrote to memory of 2828	2648	9a988e7dd645e68b2caa7cb66552d1dbb28f33523db7914b8eb4691dd5071ce2.exe	WerFault.exe
PID 2648 wrote to memory of 2828	2648	9a988e7dd645e68b2caa7cb66552d1dbb28f33523db7914b8eb4691dd5071ce2.exe	WerFault.exe
PID 2884 wrote to memory of 2572	2884	Unicorn-40566.exe	Unicorn-29693.exe
PID 2884 wrote to memory of 2572	2884	Unicorn-40566.exe	Unicorn-29693.exe
PID 2884 wrote to memory of 2572	2884	Unicorn-40566.exe	Unicorn-29693.exe
PID 2884 wrote to memory of 2572	2884	Unicorn-40566.exe	Unicorn-29693.exe
PID 2884 wrote to memory of 2504	2884	Unicorn-40566.exe	WerFault.exe
PID 2884 wrote to memory of 2504	2884	Unicorn-40566.exe	WerFault.exe
PID 2884 wrote to memory of 2504	2884	Unicorn-40566.exe	WerFault.exe
PID 2884 wrote to memory of 2504	2884	Unicorn-40566.exe	WerFault.exe
PID 2572 wrote to memory of 2676	2572	Unicorn-29693.exe	Unicorn-43399.exe
PID 2572 wrote to memory of 2676	2572	Unicorn-29693.exe	Unicorn-43399.exe
PID 2572 wrote to memory of 2676	2572	Unicorn-29693.exe	Unicorn-43399.exe
PID 2572 wrote to memory of 2676	2572	Unicorn-29693.exe	Unicorn-43399.exe
PID 2572 wrote to memory of 2532	2572	Unicorn-29693.exe	WerFault.exe
PID 2572 wrote to memory of 2532	2572	Unicorn-29693.exe	WerFault.exe
PID 2572 wrote to memory of 2532	2572	Unicorn-29693.exe	WerFault.exe
PID 2572 wrote to memory of 2532	2572	Unicorn-29693.exe	WerFault.exe
PID 2676 wrote to memory of 2820	2676	Unicorn-43399.exe	Unicorn-35961.exe
PID 2676 wrote to memory of 2820	2676	Unicorn-43399.exe	Unicorn-35961.exe
PID 2676 wrote to memory of 2820	2676	Unicorn-43399.exe	Unicorn-35961.exe
PID 2676 wrote to memory of 2820	2676	Unicorn-43399.exe	Unicorn-35961.exe
PID 2676 wrote to memory of 588	2676	Unicorn-43399.exe	WerFault.exe
PID 2676 wrote to memory of 588	2676	Unicorn-43399.exe	WerFault.exe
PID 2676 wrote to memory of 588	2676	Unicorn-43399.exe	WerFault.exe
PID 2676 wrote to memory of 588	2676	Unicorn-43399.exe	WerFault.exe
PID 2820 wrote to memory of 844	2820	Unicorn-35961.exe	Unicorn-7298.exe
PID 2820 wrote to memory of 844	2820	Unicorn-35961.exe	Unicorn-7298.exe
PID 2820 wrote to memory of 844	2820	Unicorn-35961.exe	Unicorn-7298.exe
PID 2820 wrote to memory of 844	2820	Unicorn-35961.exe	Unicorn-7298.exe
PID 2820 wrote to memory of 1632	2820	Unicorn-35961.exe	WerFault.exe
PID 2820 wrote to memory of 1632	2820	Unicorn-35961.exe	WerFault.exe
PID 2820 wrote to memory of 1632	2820	Unicorn-35961.exe	WerFault.exe
PID 2820 wrote to memory of 1632	2820	Unicorn-35961.exe	WerFault.exe
PID 844 wrote to memory of 1580	844	Unicorn-7298.exe	Unicorn-46980.exe
PID 844 wrote to memory of 1580	844	Unicorn-7298.exe	Unicorn-46980.exe
PID 844 wrote to memory of 1580	844	Unicorn-7298.exe	Unicorn-46980.exe
PID 844 wrote to memory of 1580	844	Unicorn-7298.exe	Unicorn-46980.exe
PID 844 wrote to memory of 1756	844	Unicorn-7298.exe	WerFault.exe
PID 844 wrote to memory of 1756	844	Unicorn-7298.exe	WerFault.exe
PID 844 wrote to memory of 1756	844	Unicorn-7298.exe	WerFault.exe
PID 844 wrote to memory of 1756	844	Unicorn-7298.exe	WerFault.exe
PID 1580 wrote to memory of 1216	1580	Unicorn-46980.exe	Unicorn-53128.exe
PID 1580 wrote to memory of 1216	1580	Unicorn-46980.exe	Unicorn-53128.exe
PID 1580 wrote to memory of 1216	1580	Unicorn-46980.exe	Unicorn-53128.exe
PID 1580 wrote to memory of 1216	1580	Unicorn-46980.exe	Unicorn-53128.exe
PID 1580 wrote to memory of 1668	1580	Unicorn-46980.exe	WerFault.exe
PID 1580 wrote to memory of 1668	1580	Unicorn-46980.exe	WerFault.exe
PID 1580 wrote to memory of 1668	1580	Unicorn-46980.exe	WerFault.exe
PID 1580 wrote to memory of 1668	1580	Unicorn-46980.exe	WerFault.exe
PID 1216 wrote to memory of 1356	1216	Unicorn-53128.exe	Unicorn-8697.exe
PID 1216 wrote to memory of 1356	1216	Unicorn-53128.exe	Unicorn-8697.exe
PID 1216 wrote to memory of 1356	1216	Unicorn-53128.exe	Unicorn-8697.exe
PID 1216 wrote to memory of 1356	1216	Unicorn-53128.exe	Unicorn-8697.exe
PID 1216 wrote to memory of 936	1216	Unicorn-53128.exe	WerFault.exe
PID 1216 wrote to memory of 936	1216	Unicorn-53128.exe	WerFault.exe
PID 1216 wrote to memory of 936	1216	Unicorn-53128.exe	WerFault.exe
PID 1216 wrote to memory of 936	1216	Unicorn-53128.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\9a988e7dd645e68b2caa7cb66552d1dbb28f33523db7914b8eb4691dd5071ce2.exe
"C:\Users\Admin\AppData\Local\Temp\9a988e7dd645e68b2caa7cb66552d1dbb28f33523db7914b8eb4691dd5071ce2.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-40566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40566.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-29693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29693.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-43399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43399.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-35961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35961.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-7298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7298.exe
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:844

C:\Users\Admin\AppData\Local\Temp\Unicorn-46980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46980.exe
7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-53128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53128.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1216

C:\Users\Admin\AppData\Local\Temp\Unicorn-8697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8697.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1356

C:\Users\Admin\AppData\Local\Temp\Unicorn-43143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43143.exe
10⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1208

C:\Users\Admin\AppData\Local\Temp\Unicorn-44226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44226.exe
11⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-19020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19020.exe
12⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-37892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37892.exe
13⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
14⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-6033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6033.exe
15⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-12373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12373.exe
16⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-34650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34650.exe
17⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-27477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27477.exe
18⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-9688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9688.exe
19⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-33444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33444.exe
20⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-39078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39078.exe
21⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-54437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54437.exe
22⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1028

C:\Users\Admin\AppData\Local\Temp\Unicorn-13213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13213.exe
23⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1316

C:\Users\Admin\AppData\Local\Temp\Unicorn-6626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6626.exe
24⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-24726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24726.exe
25⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1520

C:\Users\Admin\AppData\Local\Temp\Unicorn-64018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64018.exe
26⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 236
26⤵
- Program crash
PID:1936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 236
25⤵
- Program crash
PID:2456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 236
24⤵
- Program crash
PID:1912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 236
23⤵
- Program crash
PID:2680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 236
22⤵
- Program crash
PID:2140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 236
21⤵
- Program crash
PID:2968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 236
20⤵
- Program crash
PID:2408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
19⤵
- Program crash
PID:2704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 236
18⤵
- Program crash
PID:2296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
17⤵
- Program crash
PID:1592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 236
16⤵
- Program crash
PID:880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 236
15⤵
- Program crash
PID:2032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 236
14⤵
- Program crash
PID:1160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 236
13⤵
- Program crash
PID:1084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 236
12⤵
- Program crash
PID:1964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 236
11⤵
- Program crash
PID:2888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 236
10⤵
- Program crash
PID:584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 236
9⤵
- Program crash
PID:936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 236
8⤵
- Loads dropped DLL
- Program crash
PID:1668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 236
7⤵
- Loads dropped DLL
- Program crash
PID:1756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 236
6⤵
- Loads dropped DLL
- Program crash
PID:1632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 236
5⤵
- Loads dropped DLL
- Program crash
PID:588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
4⤵
- Loads dropped DLL
- Program crash
PID:2532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 236
3⤵
- Loads dropped DLL
- Program crash
PID:2504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 236
2⤵
- Program crash
PID:2828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-6033.exe

Filesize
184KB

MD5
3e54ffed6531e46d89c89cfe93717939

SHA1
620dd22bd7f1012de8c4736a70ffc63373277430

SHA256
815acd137c7ef602fc8bc5fa861610acb9732fce7259b8a2b0a9830651ed015c

SHA512
64bb065497d471af1bde8cdee4a8b1c236180c17021e2ece45476c0871df5f185483cd739e6c38493cdfdb1925977d8c1310f31a2ecc252870926415effa6d0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6626.exe

Filesize
184KB

MD5
e3ae7c7d58af0bf02afa661d80a2cb5d

SHA1
71fc379aecd598f6914f6ecbc171b3bd036f7950

SHA256
a188edc0bd236f3d56006c42f264b5e409d00c48614df957bc97840eb040315b

SHA512
fbd3bd38ed4d583880b45c1bfd593d73a8704edd42907a408c0089c9af489969da9a144a82a7ce5e4a6153f758db3fa669e6ae8bc522654ae2414ca8fb360e28

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29693.exe

Filesize
184KB

MD5
a6e859468bc0a2cae70f548cf64fdb40

SHA1
d75776d84df91ef71e69aa507a1935046c46a660

SHA256
b0b2a072505753139f254f901b05964a61755e28d1381bd74a9913d2bc678333

SHA512
dd32346bbe46f23701f41d7f8fc8522dd2e2cb430a09d45940d13f84dba66248caa2448840c488eab762012546a3c195b11cb396c77091de012b05d53d2e7703

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35961.exe

Filesize
184KB

MD5
22fc5af182b9f47546adb07ebf592cfc

SHA1
14ab8b621f68531c471c3af4b93a26a29b318d11

SHA256
3735b6771bc90aaa44ea1248929d7f5e24a21c1e087ed2a15bd9f72f34e3f3aa

SHA512
bbde5253dd8e3885e9af99c6035b1b121b95a332f918cdc9174637b0d1e3897e7fd5b6410b7fbc432ce038fb2487799f02174075eca9344a9d9d37cc3be42491

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40566.exe

Filesize
184KB

MD5
bf5591d9523fdfb93337e7ff714e08a0

SHA1
3e8cbf96c61f8e6545dcdfc10b08f05440c8e415

SHA256
55fcd80ebd83e699dc5d7b3ccb1ab64eeab1c07f5e95f6ff7e0130ccb58f7044

SHA512
eb3d512500ee768afbb2921076c3b557382146038ca1e851b4c717c56cf625cda3995f5b18047a21e691329815451303258e70f66d0dd645539f5ad20bb7885c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43399.exe

Filesize
184KB

MD5
f071d94b9991ef08a8f649a039626e65

SHA1
3f543486e44e969c1df6415c8f59e3d73673f28a

SHA256
85ed5c611848f29f059d8facaec75ec704ff233791998cc23fc62fb539560efc

SHA512
3ec4d4beabbda61339a9823c784ab9c0cd3a41126acb226be714596ba41044004b237c0e339b0303f3466311aff97b87a7fe21fc0ecd170c145d5f45e5a76f3c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46980.exe

Filesize
184KB

MD5
a9de93d58e644396f2030c3e4a6a630a

SHA1
27e7d15443c1f8a344129f343bbb488a043017c6

SHA256
6cdea2c212c071f70306ef981dc6c16f58d2b16ac1d080e89c2153bcd5f092eb

SHA512
3770e46211d2c5bcc998fd84776595498e0fc5fa28c7d96161fd51afa9ae3b8253075785a9a1adef09728e17cedfb197af8083c7bb5e1af7882f34d94e4d02d6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7298.exe

Filesize
184KB

MD5
6e521410b51ba39e3bd8fa39db077e04

SHA1
c6a7efefc364a98a4d50d6388f968072384aa471

SHA256
151b3a0a107465f5cb4a2f61d0196d13594e13a974c56903f7cedce693c91b89

SHA512
f9cbefbd97db7fa695a8d93090aa8bb803bac41018deb64371c45fc35209a19672df1ecc1563d399c5aa698bab940210b1ddfe54429fafd675e066b867b07e0e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads