2962295072774bb06d552f1d73273f14f5a995fcfeb67b4f3cf414ecd438de90

Analysis

max time kernel
133s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 01:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

71d4b2063340cad5943dfa9d53350a80_NeikiAnalytics.exe
Size

184KB
MD5

71d4b2063340cad5943dfa9d53350a80
SHA1

71548c94d505a71815a636daf387cee45e90ff9e
SHA256

2962295072774bb06d552f1d73273f14f5a995fcfeb67b4f3cf414ecd438de90
SHA512

5ebc0e9f574f6bce4f22a074ba5eca6edf57cba0abe2dbcb89951e0c7541bfd09d59b0a986758b1cbaa058566e9c528c6f998b8e60d9866a9d15d0f628bbd667
SSDEEP

3072:8S3lhron+8emMzwtDi2r86YBmlvnq9viufn3:8Sfogrzwp8LBmlPq9viuf

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 14 IoCs

Processes:

Unicorn-9255.exeUnicorn-45125.exeUnicorn-42728.exeUnicorn-54760.exeUnicorn-37096.exeUnicorn-42984.exeUnicorn-10052.exeUnicorn-4583.exeUnicorn-19688.exeUnicorn-5095.exeUnicorn-52968.exeUnicorn-12784.exeUnicorn-60657.exeUnicorn-1008.exe

pid	process
3804	Unicorn-9255.exe
1800	Unicorn-45125.exe
2900	Unicorn-42728.exe
3808	Unicorn-54760.exe
1552	Unicorn-37096.exe
2988	Unicorn-42984.exe
2280	Unicorn-10052.exe
1480	Unicorn-4583.exe
368	Unicorn-19688.exe
3848	Unicorn-5095.exe
1388	Unicorn-52968.exe
4948	Unicorn-12784.exe
2908	Unicorn-60657.exe
1284	Unicorn-1008.exe

Program crash 28 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
4524	4628	WerFault.exe	71d4b2063340cad5943dfa9d53350a80_NeikiAnalytics.exe
3864	4628	WerFault.exe	71d4b2063340cad5943dfa9d53350a80_NeikiAnalytics.exe
2616	3804	WerFault.exe	Unicorn-9255.exe
368	3804	WerFault.exe	Unicorn-9255.exe
4952	1800	WerFault.exe	Unicorn-45125.exe
1068	1800	WerFault.exe	Unicorn-45125.exe
4808	2900	WerFault.exe	Unicorn-42728.exe
4028	2900	WerFault.exe	Unicorn-42728.exe
4716	3808	WerFault.exe	Unicorn-54760.exe
4936	3808	WerFault.exe	Unicorn-54760.exe
1240	1552	WerFault.exe	Unicorn-37096.exe
2908	1552	WerFault.exe	Unicorn-37096.exe
1284	2988	WerFault.exe	Unicorn-42984.exe
516	2988	WerFault.exe	Unicorn-42984.exe
1000	2280	WerFault.exe	Unicorn-10052.exe
3192	2280	WerFault.exe	Unicorn-10052.exe
3948	1480	WerFault.exe	Unicorn-4583.exe
2688	1480	WerFault.exe	Unicorn-4583.exe
4916	368	WerFault.exe	Unicorn-19688.exe
2456	368	WerFault.exe	Unicorn-19688.exe
4104	3848	WerFault.exe	Unicorn-5095.exe
2412	3848	WerFault.exe	Unicorn-5095.exe
4984	1388	WerFault.exe	Unicorn-52968.exe
3928	1388	WerFault.exe	Unicorn-52968.exe
1892	4948	WerFault.exe	Unicorn-12784.exe
1808	4948	WerFault.exe	Unicorn-12784.exe
4516	2908	WerFault.exe	Unicorn-60657.exe
4628	2908	WerFault.exe	Unicorn-60657.exe

Suspicious use of SetWindowsHookEx 14 IoCs

Processes:

71d4b2063340cad5943dfa9d53350a80_NeikiAnalytics.exeUnicorn-9255.exeUnicorn-45125.exeUnicorn-42728.exeUnicorn-54760.exeUnicorn-37096.exeUnicorn-42984.exeUnicorn-10052.exeUnicorn-4583.exeUnicorn-19688.exeUnicorn-5095.exeUnicorn-52968.exeUnicorn-12784.exeUnicorn-60657.exe

pid	process
4628	71d4b2063340cad5943dfa9d53350a80_NeikiAnalytics.exe
3804	Unicorn-9255.exe
1800	Unicorn-45125.exe
2900	Unicorn-42728.exe
3808	Unicorn-54760.exe
1552	Unicorn-37096.exe
2988	Unicorn-42984.exe
2280	Unicorn-10052.exe
1480	Unicorn-4583.exe
368	Unicorn-19688.exe
3848	Unicorn-5095.exe
1388	Unicorn-52968.exe
4948	Unicorn-12784.exe
2908	Unicorn-60657.exe

Suspicious use of WriteProcessMemory 42 IoCs

Processes:

description	pid	process	target process
PID 4628 wrote to memory of 3804	4628	71d4b2063340cad5943dfa9d53350a80_NeikiAnalytics.exe	Unicorn-9255.exe
PID 4628 wrote to memory of 3804	4628	71d4b2063340cad5943dfa9d53350a80_NeikiAnalytics.exe	Unicorn-9255.exe
PID 4628 wrote to memory of 3804	4628	71d4b2063340cad5943dfa9d53350a80_NeikiAnalytics.exe	Unicorn-9255.exe
PID 3804 wrote to memory of 1800	3804	Unicorn-9255.exe	Unicorn-45125.exe
PID 3804 wrote to memory of 1800	3804	Unicorn-9255.exe	Unicorn-45125.exe
PID 3804 wrote to memory of 1800	3804	Unicorn-9255.exe	Unicorn-45125.exe
PID 1800 wrote to memory of 2900	1800	Unicorn-45125.exe	Unicorn-42728.exe
PID 1800 wrote to memory of 2900	1800	Unicorn-45125.exe	Unicorn-42728.exe
PID 1800 wrote to memory of 2900	1800	Unicorn-45125.exe	Unicorn-42728.exe
PID 2900 wrote to memory of 3808	2900	Unicorn-42728.exe	Unicorn-54760.exe
PID 2900 wrote to memory of 3808	2900	Unicorn-42728.exe	Unicorn-54760.exe
PID 2900 wrote to memory of 3808	2900	Unicorn-42728.exe	Unicorn-54760.exe
PID 3808 wrote to memory of 1552	3808	Unicorn-54760.exe	Unicorn-37096.exe
PID 3808 wrote to memory of 1552	3808	Unicorn-54760.exe	Unicorn-37096.exe
PID 3808 wrote to memory of 1552	3808	Unicorn-54760.exe	Unicorn-37096.exe
PID 1552 wrote to memory of 2988	1552	Unicorn-37096.exe	Unicorn-42984.exe
PID 1552 wrote to memory of 2988	1552	Unicorn-37096.exe	Unicorn-42984.exe
PID 1552 wrote to memory of 2988	1552	Unicorn-37096.exe	Unicorn-42984.exe
PID 2988 wrote to memory of 2280	2988	Unicorn-42984.exe	Unicorn-10052.exe
PID 2988 wrote to memory of 2280	2988	Unicorn-42984.exe	Unicorn-10052.exe
PID 2988 wrote to memory of 2280	2988	Unicorn-42984.exe	Unicorn-10052.exe
PID 2280 wrote to memory of 1480	2280	Unicorn-10052.exe	Unicorn-4583.exe
PID 2280 wrote to memory of 1480	2280	Unicorn-10052.exe	Unicorn-4583.exe
PID 2280 wrote to memory of 1480	2280	Unicorn-10052.exe	Unicorn-4583.exe
PID 1480 wrote to memory of 368	1480	Unicorn-4583.exe	Unicorn-19688.exe
PID 1480 wrote to memory of 368	1480	Unicorn-4583.exe	Unicorn-19688.exe
PID 1480 wrote to memory of 368	1480	Unicorn-4583.exe	Unicorn-19688.exe
PID 368 wrote to memory of 3848	368	Unicorn-19688.exe	Unicorn-5095.exe
PID 368 wrote to memory of 3848	368	Unicorn-19688.exe	Unicorn-5095.exe
PID 368 wrote to memory of 3848	368	Unicorn-19688.exe	Unicorn-5095.exe
PID 3848 wrote to memory of 1388	3848	Unicorn-5095.exe	Unicorn-52968.exe
PID 3848 wrote to memory of 1388	3848	Unicorn-5095.exe	Unicorn-52968.exe
PID 3848 wrote to memory of 1388	3848	Unicorn-5095.exe	Unicorn-52968.exe
PID 1388 wrote to memory of 4948	1388	Unicorn-52968.exe	Unicorn-12784.exe
PID 1388 wrote to memory of 4948	1388	Unicorn-52968.exe	Unicorn-12784.exe
PID 1388 wrote to memory of 4948	1388	Unicorn-52968.exe	Unicorn-12784.exe
PID 4948 wrote to memory of 2908	4948	Unicorn-12784.exe	Unicorn-60657.exe
PID 4948 wrote to memory of 2908	4948	Unicorn-12784.exe	Unicorn-60657.exe
PID 4948 wrote to memory of 2908	4948	Unicorn-12784.exe	Unicorn-60657.exe
PID 2908 wrote to memory of 1284	2908	Unicorn-60657.exe	Unicorn-1008.exe
PID 2908 wrote to memory of 1284	2908	Unicorn-60657.exe	Unicorn-1008.exe
PID 2908 wrote to memory of 1284	2908	Unicorn-60657.exe	Unicorn-1008.exe

C:\Users\Admin\AppData\Local\Temp\71d4b2063340cad5943dfa9d53350a80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\71d4b2063340cad5943dfa9d53350a80_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-9255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9255.exe
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-45125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45125.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-42728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42728.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-54760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54760.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-37096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37096.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-42984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42984.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-10052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10052.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-4583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4583.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1480

C:\Users\Admin\AppData\Local\Temp\Unicorn-19688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19688.exe
10⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:368

C:\Users\Admin\AppData\Local\Temp\Unicorn-5095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5095.exe
11⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-52968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52968.exe
12⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1388

C:\Users\Admin\AppData\Local\Temp\Unicorn-12784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12784.exe
13⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4948

C:\Users\Admin\AppData\Local\Temp\Unicorn-60657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60657.exe
14⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-1008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1008.exe
15⤵
- Executes dropped EXE
PID:1284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 724
15⤵
- Program crash
PID:4516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 724
15⤵
- Program crash
PID:4628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 744
14⤵
- Program crash
PID:1892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 760
14⤵
- Program crash
PID:1808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 744
13⤵
- Program crash
PID:4984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 768
13⤵
- Program crash
PID:3928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 724
12⤵
- Program crash
PID:4104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 768
12⤵
- Program crash
PID:2412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 368 -s 724
11⤵
- Program crash
PID:4916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 368 -s 724
11⤵
- Program crash
PID:2456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 752
10⤵
- Program crash
PID:3948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 712
10⤵
- Program crash
PID:2688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 724
9⤵
- Program crash
PID:1000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 724
9⤵
- Program crash
PID:3192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 752
8⤵
- Program crash
PID:1284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 752
8⤵
- Program crash
PID:516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 740
7⤵
- Program crash
PID:1240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 748
7⤵
- Program crash
PID:2908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 740
6⤵
- Program crash
PID:4716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 748
6⤵
- Program crash
PID:4936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 716
5⤵
- Program crash
PID:4808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 784
5⤵
- Program crash
PID:4028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 724
4⤵
- Program crash
PID:4952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 748
4⤵
- Program crash
PID:1068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 744
3⤵
- Program crash
PID:2616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 764
3⤵
- Program crash
PID:368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 724
2⤵
- Program crash
PID:4524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 768
2⤵
- Program crash
PID:3864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4628 -ip 4628
1⤵
PID:4392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4628 -ip 4628
1⤵
PID:4292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 3804 -ip 3804
1⤵
PID:2352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 3804 -ip 3804
1⤵
PID:1056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1800 -ip 1800
1⤵
PID:2688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 1800 -ip 1800
1⤵
PID:3612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 2900 -ip 2900
1⤵
PID:4348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2900 -ip 2900
1⤵
PID:840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 3808 -ip 3808
1⤵
PID:4492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 3808 -ip 3808
1⤵
PID:2968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1552 -ip 1552
1⤵
PID:2368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 1552 -ip 1552
1⤵
PID:1296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 2988 -ip 2988
1⤵
PID:1980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 2988 -ip 2988
1⤵
PID:1908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 2280 -ip 2280
1⤵
PID:932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 2280 -ip 2280
1⤵
PID:920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 1480 -ip 1480
1⤵
PID:3432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 1480 -ip 1480
1⤵
PID:1880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 368 -ip 368
1⤵
PID:4180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 368 -ip 368
1⤵
PID:2308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 3848 -ip 3848
1⤵
PID:1772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 3848 -ip 3848
1⤵
PID:2572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 1388 -ip 1388
1⤵
PID:3256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 1388 -ip 1388
1⤵
PID:3912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 4948 -ip 4948
1⤵
PID:4836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 4948 -ip 4948
1⤵
PID:3216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 2908 -ip 2908
1⤵
PID:4832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 2908 -ip 2908
1⤵
PID:2988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10052.exe
Filesize
184KB

MD5
36b7f15c9b761ca69f25e67c36cdca83

SHA1
92dd16bb5aeacaa6247f1dc8920b0cbe56414ab5

SHA256
07515a69fa4409b127fe24e2eca5321bc85542d61cab0669dad91591d182856e

SHA512
0542c78bb3cdff7d258479be5100a4dff769506fd052517da92539c5d5b35505a00fb6afc00433d6c778a985c36d8420a2f17ee81cff98652e487b14b85d06be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1008.exe
Filesize
184KB

MD5
f0ab23c835cacc2ad4bcb753a435c5b0

SHA1
d5e5c1dd5c3c35ec9ce38240defbd68607c30fe2

SHA256
07da967a4981afac14aea42e60e8c1864581cf41e80555f2cb28464960709ef0

SHA512
ebf9e5178df21baae2232c88370476a13346ba3540b45d4eb753863ea2354f0e6b44b65a1d9d173b90c212e94ec5d326ccf23fd2ea2d1776f7a4862ba9cf222e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12784.exe
Filesize
184KB

MD5
31519d78089f1b851da62e09311154c9

SHA1
90b4100e7312066da03ebeb06647ff46441c56c4

SHA256
cc68256fe6a1166be0c1e86998a76640bdc174611ff922917c0f27c73489c6b4

SHA512
af6da4c3b309fbe8c68e8b0d4fa1f7f31866f0639b6605f9b11c169683c951e6d97d30610e3e617963468a41f4bbfb298c166f97b0b82151249dc3c39804f51c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19688.exe
Filesize
184KB

MD5
0d2bbe1fa0fe8462ad6e4d080611f984

SHA1
9750d9771ecd2d4e2bd46549bdf5c3b43375f38a

SHA256
dcfea5dceaee73d091eab4fb00e4c03b2e40d395b898b298571ce8c34b475367

SHA512
7341003b7817cf8ee2f431208f53d7c54a67a7b34f7729792e55f276cdc1680671f91b7b3ba471a5309e31149104cbed9c9b4ea00823d35fc4e8e0b74d74848c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37096.exe
Filesize
184KB

MD5
c7d2dd6eeabe80afa1ddaec3bac8d8e8

SHA1
ded0f20da67dd32e29e0255acf0790a6acbe6330

SHA256
6972d064a4e8f1e5dac683486bff73f7003c8def8d526fce5d82349a989ecbdb

SHA512
8a7b2240d677b85dc240da07583886b5ed481d3d3f15e13757b543df4c94506a77115d3357f7482d07a69cda3818151afdcbd5f2db6b068fc1bc812990911c98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42728.exe
Filesize
184KB

MD5
a415d4e3606525da4d65f99d88fb53bb

SHA1
b7438f32ff0817f2053e7604f370c6cb68181208

SHA256
9c5ce9756ce06d6815cbe10f0191a11ad0841775eecf54e7b5e3dadaabbdea0c

SHA512
e63ec0b8d2bf3ae910d36a7ee1f905cb710bb0e189cf779ddcf78991a03292185dabdf9ddd73c4a5be33b0ccdfb404216503545259f5d8b29811ba62a6a55869

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42984.exe
Filesize
184KB

MD5
673df34f8e3ba08b8080bd36d9b2de5a

SHA1
c31b0b879b2e8be6bb3e5ee7c2d072d1e7cad884

SHA256
977c859d41876fe069708c78bb984cd475d62766c75d64fd225f765eddcf85a3

SHA512
67f18717370c8d50a0f319f63215ea6fba9fefdb68054a92ff21ff2b97d9fe5133362251db572c1fcf63ebd4220ca782ca1d8a06cc9f62ba382eb7439f318184

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45125.exe
Filesize
184KB

MD5
924c54c308932234658cdf85d7d6d60e

SHA1
406cc79f9a1765b5c543510f1fdcc68fd1ef8e4b

SHA256
90f100716e452a1e696372e42663fd08e32b75ec733ba4f374704b6b2002ab4f

SHA512
3d1b529745b41acb475dfec7aa73e42856e968ca04b48902948f4c92ea267cb01edf8f5a716a6a981ca1507223a597e12b53de0bce97387c07d163544e0f0508

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4583.exe
Filesize
184KB

MD5
96948603b2c2ef209965604893f3ac7e

SHA1
e3ec3c6f860480d9fdf99c34707c41953c434da4

SHA256
32dacba1c17b8bb3bde9dbc15ee427804bd4822908557075f2846829dc717e96

SHA512
07c889d20a47add727c7f4706e496bf851cfdd7dcea6c740cffddfdfe2d159895d7777497d09e6701a5f82e8cf2dfc1825bb4447fa60162597825ece645153ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5095.exe
Filesize
184KB

MD5
a45881c4db1d82554e1df575a65ce88f

SHA1
c3532879bcf8af2ca0a7111c5c9da46f3f854427

SHA256
45c14458caa95a2951400d1a1fe89db564778fae2838e7f69be2980bc748e5d8

SHA512
ebae034a141fcd703355fe76b0f290254f513f41866c52467cd8d0a0bac2b7bcb634e60353ef456708c82d096abbdd4df7552bf559da43da26826f4da2dd9ecd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52968.exe
Filesize
184KB

MD5
0686ab05bf01f97932706004d3dad356

SHA1
aae198aca968097f6bd867a5a0a32d0e54e25afd

SHA256
f635cd0c415c8bca1a3301bd0ecd57d4c4e29243635877dc706ac320b7f2e971

SHA512
ffade6924cadd37402904f24899cf6cdb1ca97103f0bb2722371d3d98b46e4614032d818c879687c6f92e1f6d2b3b1c12598c077628720b33ef67229c5fb68da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54760.exe
Filesize
184KB

MD5
73d1b2448d5ebb400b7cb7e344b8244a

SHA1
6e4174df8ba32f90503909f5a922d8fd8971d535

SHA256
4da7093da9f983f2c01e27b9b60b335a05c7b98ed6bad9629bf343ee784b94dc

SHA512
6f3e05c414c045766d65a5d0315cd7c5938144e3135d7508c5f7648846bf63b8014089c21676e62bcad102f481d6312168d08e3ab5dc4f12de0a1372afe53a2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60657.exe
Filesize
184KB

MD5
964ab79613a004e764ce677c43ea7b05

SHA1
1d914fda17b0d7e5b46ff375ec186b3b2357bb0f

SHA256
855835b6a2a3f404326920858ab7383c178056c80bfd4092c65098d9b4312fa2

SHA512
f9188c9ff64db604a75efbac157bef48acd1abeb851311d7d239c3982fb8437bb0bda826f06decc418acf424e77a24a830c00ab8c9dd5b9d41cfb249a549a64b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9255.exe
Filesize
184KB

MD5
155e7e8d499464e32369f42d05a95838

SHA1
28504a5148b0491b49d8cedafdd0d920169be8a6

SHA256
f1f02c059f560a855d61738cebc9fbd23a01a98bc2490233576c0f72b1341142

SHA512
6694207ff7874ffe6fa2845c413c4178422a50f7841893adc18bf442d2c4aaf32d954bdc54e84bcac20615f62d346aa946a47b062612004f825ffc84a63fa12a

Download Submit