5e3ab630d4d120f42715973f7afab30e320a9fe4da94797f74455233034da67f

Analysis

max time kernel
147s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 22:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5e3ab630d4d120f42715973f7afab30e320a9fe4da94797f74455233034da67f.exe
Size

184KB
MD5

b242846c329a05bb974193380f36c8e6
SHA1

f3ad9500294a75f73642fe5aa09d41e298cd02f6
SHA256

5e3ab630d4d120f42715973f7afab30e320a9fe4da94797f74455233034da67f
SHA512

eca315b40374a2b6721f8a804c9f74b4138b49f736667d300ab0155acf88b58fa44afdd4b5a2f7ec797b0b7116c96a0ba2117d43c82b681d8ff6ab483df7662f
SSDEEP

3072:m1fV6RoO+jYyZ+ftKbXE8sVzClvnq3xluB:m1qoya+fj84zClPq3xlu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 48 IoCs

pid	Process
2516	Unicorn-4137.exe
2584	Unicorn-45061.exe
2596	Unicorn-60603.exe
2464	Unicorn-36182.exe
2764	Unicorn-21839.exe
2672	Unicorn-45549.exe
2172	Unicorn-52430.exe
1968	Unicorn-23925.exe
2284	Unicorn-43551.exe
1760	Unicorn-41460.exe
1292	Unicorn-34444.exe
584	Unicorn-5938.exe
448	Unicorn-50946.exe
1384	Unicorn-5035.exe
2160	Unicorn-3136.exe
2336	Unicorn-13525.exe
2900	Unicorn-32960.exe
2000	Unicorn-43349.exe
2640	Unicorn-62975.exe
2552	Unicorn-35010.exe
2432	Unicorn-37231.exe
1480	Unicorn-65025.exe
2944	Unicorn-9877.exe
2712	Unicorn-50801.exe
1796	Unicorn-43785.exe
2320	Unicorn-7075.exe
2884	Unicorn-17465.exe
1652	Unicorn-10256.exe
2044	Unicorn-20646.exe
1660	Unicorn-40272.exe
1944	Unicorn-3370.exe
2700	Unicorn-13759.exe
2668	Unicorn-6743.exe
1324	Unicorn-17133.exe
2052	Unicorn-28098.exe
1460	Unicorn-8793.exe
1504	Unicorn-11014.exe
3024	Unicorn-3998.exe
1176	Unicorn-53090.exe
2788	Unicorn-28669.exe
1596	Unicorn-3238.exe
952	Unicorn-48438.exe
1700	Unicorn-50467.exe
1728	Unicorn-12724.exe
2504	Unicorn-53840.exe
1560	Unicorn-46632.exe
2392	Unicorn-44733.exe
3060	Unicorn-20312.exe

Loads dropped DLL 64 IoCs

pid	Process
1704	5e3ab630d4d120f42715973f7afab30e320a9fe4da94797f74455233034da67f.exe
1704	5e3ab630d4d120f42715973f7afab30e320a9fe4da94797f74455233034da67f.exe
2516	Unicorn-4137.exe
2516	Unicorn-4137.exe
2868	WerFault.exe
2868	WerFault.exe
2868	WerFault.exe
2868	WerFault.exe
2868	WerFault.exe
2868	WerFault.exe
2868	WerFault.exe
2584	Unicorn-45061.exe
2584	Unicorn-45061.exe
2456	WerFault.exe
2456	WerFault.exe
2456	WerFault.exe
2456	WerFault.exe
2456	WerFault.exe
2456	WerFault.exe
2456	WerFault.exe
2596	Unicorn-60603.exe
2596	Unicorn-60603.exe
2492	WerFault.exe
2492	WerFault.exe
2492	WerFault.exe
2492	WerFault.exe
2492	WerFault.exe
2492	WerFault.exe
2492	WerFault.exe
2464	Unicorn-36182.exe
2464	Unicorn-36182.exe
2948	WerFault.exe
2948	WerFault.exe
2948	WerFault.exe
2948	WerFault.exe
2948	WerFault.exe
2948	WerFault.exe
2948	WerFault.exe
2764	Unicorn-21839.exe
2764	Unicorn-21839.exe
780	WerFault.exe
780	WerFault.exe
780	WerFault.exe
780	WerFault.exe
780	WerFault.exe
780	WerFault.exe
780	WerFault.exe
2672	Unicorn-45549.exe
2672	Unicorn-45549.exe
2676	WerFault.exe
2676	WerFault.exe
2676	WerFault.exe
2676	WerFault.exe
2676	WerFault.exe
2676	WerFault.exe
2676	WerFault.exe
2172	Unicorn-52430.exe
2172	Unicorn-52430.exe
400	WerFault.exe
400	WerFault.exe
400	WerFault.exe
400	WerFault.exe
400	WerFault.exe
400	WerFault.exe

Program crash 48 IoCs

pid	pid_target	Process	procid_target
2216	1704	WerFault.exe	27
2868	2516	WerFault.exe	28
2456	2584	WerFault.exe	30
2492	2596	WerFault.exe	32
2948	2464	WerFault.exe	34
780	2764	WerFault.exe	36
2676	2672	WerFault.exe	38
400	2172	WerFault.exe	40
1708	1968	WerFault.exe	42
696	2284	WerFault.exe	44
580	1760	WerFault.exe	46
684	1292	WerFault.exe	48
2140	584	WerFault.exe	50
1940	448	WerFault.exe	52
3020	1384	WerFault.exe	54
1416	2160	WerFault.exe	58
1604	2336	WerFault.exe	60
1972	2900	WerFault.exe	62
2628	2000	WerFault.exe	64
2824	2640	WerFault.exe	66
1836	2552	WerFault.exe	68
2772	2432	WerFault.exe	70
2984	1480	WerFault.exe	72
1964	2944	WerFault.exe	74
1828	2712	WerFault.exe	76
1780	1796	WerFault.exe	78
452	2320	WerFault.exe	80
1152	2884	WerFault.exe	82
2164	1652	WerFault.exe	84
1712	2044	WerFault.exe	86
2012	1660	WerFault.exe	88
2272	1944	WerFault.exe	90
2548	2700	WerFault.exe	92
3004	2668	WerFault.exe	94
2500	1324	WerFault.exe	96
1640	2052	WerFault.exe	98
2388	1460	WerFault.exe	100
1380	1504	WerFault.exe	102
2652	3024	WerFault.exe	104
1344	1176	WerFault.exe	106
2484	2788	WerFault.exe	108
1556	1596	WerFault.exe	110
1332	952	WerFault.exe	112
1880	1700	WerFault.exe	114
2036	1728	WerFault.exe	116
1104	2504	WerFault.exe	118
3008	1560	WerFault.exe	120
2444	2392	WerFault.exe	122

Suspicious use of SetWindowsHookEx 49 IoCs

pid	Process
1704	5e3ab630d4d120f42715973f7afab30e320a9fe4da94797f74455233034da67f.exe
2516	Unicorn-4137.exe
2584	Unicorn-45061.exe
2596	Unicorn-60603.exe
2464	Unicorn-36182.exe
2764	Unicorn-21839.exe
2672	Unicorn-45549.exe
2172	Unicorn-52430.exe
1968	Unicorn-23925.exe
2284	Unicorn-43551.exe
1760	Unicorn-41460.exe
1292	Unicorn-34444.exe
584	Unicorn-5938.exe
448	Unicorn-50946.exe
1384	Unicorn-5035.exe
2160	Unicorn-3136.exe
2336	Unicorn-13525.exe
2900	Unicorn-32960.exe
2000	Unicorn-43349.exe
2640	Unicorn-62975.exe
2552	Unicorn-35010.exe
2432	Unicorn-37231.exe
1480	Unicorn-65025.exe
2944	Unicorn-9877.exe
2712	Unicorn-50801.exe
1796	Unicorn-43785.exe
2320	Unicorn-7075.exe
2884	Unicorn-17465.exe
1652	Unicorn-10256.exe
2044	Unicorn-20646.exe
1660	Unicorn-40272.exe
1944	Unicorn-3370.exe
2700	Unicorn-13759.exe
2668	Unicorn-6743.exe
1324	Unicorn-17133.exe
2052	Unicorn-28098.exe
1460	Unicorn-8793.exe
1504	Unicorn-11014.exe
3024	Unicorn-3998.exe
1176	Unicorn-53090.exe
2788	Unicorn-28669.exe
1596	Unicorn-3238.exe
952	Unicorn-48438.exe
1700	Unicorn-50467.exe
1728	Unicorn-12724.exe
2504	Unicorn-53840.exe
1560	Unicorn-46632.exe
2392	Unicorn-44733.exe
3060	Unicorn-20312.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 2516	1704	5e3ab630d4d120f42715973f7afab30e320a9fe4da94797f74455233034da67f.exe	28
PID 1704 wrote to memory of 2516	1704	5e3ab630d4d120f42715973f7afab30e320a9fe4da94797f74455233034da67f.exe	28
PID 1704 wrote to memory of 2516	1704	5e3ab630d4d120f42715973f7afab30e320a9fe4da94797f74455233034da67f.exe	28
PID 1704 wrote to memory of 2516	1704	5e3ab630d4d120f42715973f7afab30e320a9fe4da94797f74455233034da67f.exe	28
PID 1704 wrote to memory of 2216	1704	5e3ab630d4d120f42715973f7afab30e320a9fe4da94797f74455233034da67f.exe	29
PID 1704 wrote to memory of 2216	1704	5e3ab630d4d120f42715973f7afab30e320a9fe4da94797f74455233034da67f.exe	29
PID 1704 wrote to memory of 2216	1704	5e3ab630d4d120f42715973f7afab30e320a9fe4da94797f74455233034da67f.exe	29
PID 1704 wrote to memory of 2216	1704	5e3ab630d4d120f42715973f7afab30e320a9fe4da94797f74455233034da67f.exe	29
PID 2516 wrote to memory of 2584	2516	Unicorn-4137.exe	30
PID 2516 wrote to memory of 2584	2516	Unicorn-4137.exe	30
PID 2516 wrote to memory of 2584	2516	Unicorn-4137.exe	30
PID 2516 wrote to memory of 2584	2516	Unicorn-4137.exe	30
PID 2516 wrote to memory of 2868	2516	Unicorn-4137.exe	31
PID 2516 wrote to memory of 2868	2516	Unicorn-4137.exe	31
PID 2516 wrote to memory of 2868	2516	Unicorn-4137.exe	31
PID 2516 wrote to memory of 2868	2516	Unicorn-4137.exe	31
PID 2584 wrote to memory of 2596	2584	Unicorn-45061.exe	32
PID 2584 wrote to memory of 2596	2584	Unicorn-45061.exe	32
PID 2584 wrote to memory of 2596	2584	Unicorn-45061.exe	32
PID 2584 wrote to memory of 2596	2584	Unicorn-45061.exe	32
PID 2584 wrote to memory of 2456	2584	Unicorn-45061.exe	33
PID 2584 wrote to memory of 2456	2584	Unicorn-45061.exe	33
PID 2584 wrote to memory of 2456	2584	Unicorn-45061.exe	33
PID 2584 wrote to memory of 2456	2584	Unicorn-45061.exe	33
PID 2596 wrote to memory of 2464	2596	Unicorn-60603.exe	34
PID 2596 wrote to memory of 2464	2596	Unicorn-60603.exe	34
PID 2596 wrote to memory of 2464	2596	Unicorn-60603.exe	34
PID 2596 wrote to memory of 2464	2596	Unicorn-60603.exe	34
PID 2596 wrote to memory of 2492	2596	Unicorn-60603.exe	35
PID 2596 wrote to memory of 2492	2596	Unicorn-60603.exe	35
PID 2596 wrote to memory of 2492	2596	Unicorn-60603.exe	35
PID 2596 wrote to memory of 2492	2596	Unicorn-60603.exe	35
PID 2464 wrote to memory of 2764	2464	Unicorn-36182.exe	36
PID 2464 wrote to memory of 2764	2464	Unicorn-36182.exe	36
PID 2464 wrote to memory of 2764	2464	Unicorn-36182.exe	36
PID 2464 wrote to memory of 2764	2464	Unicorn-36182.exe	36
PID 2464 wrote to memory of 2948	2464	Unicorn-36182.exe	37
PID 2464 wrote to memory of 2948	2464	Unicorn-36182.exe	37
PID 2464 wrote to memory of 2948	2464	Unicorn-36182.exe	37
PID 2464 wrote to memory of 2948	2464	Unicorn-36182.exe	37
PID 2764 wrote to memory of 2672	2764	Unicorn-21839.exe	38
PID 2764 wrote to memory of 2672	2764	Unicorn-21839.exe	38
PID 2764 wrote to memory of 2672	2764	Unicorn-21839.exe	38
PID 2764 wrote to memory of 2672	2764	Unicorn-21839.exe	38
PID 2764 wrote to memory of 780	2764	Unicorn-21839.exe	39
PID 2764 wrote to memory of 780	2764	Unicorn-21839.exe	39
PID 2764 wrote to memory of 780	2764	Unicorn-21839.exe	39
PID 2764 wrote to memory of 780	2764	Unicorn-21839.exe	39
PID 2672 wrote to memory of 2172	2672	Unicorn-45549.exe	40
PID 2672 wrote to memory of 2172	2672	Unicorn-45549.exe	40
PID 2672 wrote to memory of 2172	2672	Unicorn-45549.exe	40
PID 2672 wrote to memory of 2172	2672	Unicorn-45549.exe	40
PID 2672 wrote to memory of 2676	2672	Unicorn-45549.exe	41
PID 2672 wrote to memory of 2676	2672	Unicorn-45549.exe	41
PID 2672 wrote to memory of 2676	2672	Unicorn-45549.exe	41
PID 2672 wrote to memory of 2676	2672	Unicorn-45549.exe	41
PID 2172 wrote to memory of 1968	2172	Unicorn-52430.exe	42
PID 2172 wrote to memory of 1968	2172	Unicorn-52430.exe	42
PID 2172 wrote to memory of 1968	2172	Unicorn-52430.exe	42
PID 2172 wrote to memory of 1968	2172	Unicorn-52430.exe	42
PID 2172 wrote to memory of 400	2172	Unicorn-52430.exe	43
PID 2172 wrote to memory of 400	2172	Unicorn-52430.exe	43
PID 2172 wrote to memory of 400	2172	Unicorn-52430.exe	43
PID 2172 wrote to memory of 400	2172	Unicorn-52430.exe	43

C:\Users\Admin\AppData\Local\Temp\5e3ab630d4d120f42715973f7afab30e320a9fe4da94797f74455233034da67f.exe
"C:\Users\Admin\AppData\Local\Temp\5e3ab630d4d120f42715973f7afab30e320a9fe4da94797f74455233034da67f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4137.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4137.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45061.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45061.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60603.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36182.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21839.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45549.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23925.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43551.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41460.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34444.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5938.exe
        13⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50946.exe
        14⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5035.exe
        15⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3136.exe
        16⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13525.exe
        17⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32960.exe
        18⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43349.exe
        19⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62975.exe
        20⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35010.exe
        21⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37231.exe
        22⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65025.exe
        23⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9877.exe
        24⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50801.exe
        25⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
        26⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7075.exe
        27⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17465.exe
        28⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10256.exe
        29⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20646.exe
        30⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40272.exe
        31⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3370.exe
        32⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13759.exe
        33⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6743.exe
        34⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17133.exe
        35⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28098.exe
        36⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8793.exe
        37⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11014.exe
        38⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3998.exe
        39⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53090.exe
        40⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28669.exe
        41⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3238.exe
        42⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48438.exe
        43⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50467.exe
        44⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12724.exe
        45⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53840.exe
        46⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46632.exe
        47⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44733.exe
        48⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20312.exe
        49⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 236
        49⤵
        Program crash
        
        PID:2444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 236
        48⤵
        Program crash
        
        PID:3008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 236
        47⤵
        Program crash
        
        PID:1104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 236
        46⤵
        Program crash
        
        PID:2036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 236
        45⤵
        Program crash
        
        PID:1880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 236
        44⤵
        Program crash
        
        PID:1332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 236
        43⤵
        Program crash
        
        PID:1556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 236
        42⤵
        Program crash
        
        PID:2484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1176 -s 236
        41⤵
        Program crash
        
        PID:1344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 236
        40⤵
        Program crash
        
        PID:2652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 236
        39⤵
        Program crash
        
        PID:1380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 236
        38⤵
        Program crash
        
        PID:2388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 236
        37⤵
        Program crash
        
        PID:1640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 236
        36⤵
        Program crash
        
        PID:2500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 236
        35⤵
        Program crash
        
        PID:3004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 236
        34⤵
        Program crash
        
        PID:2548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 236
        33⤵
        Program crash
        
        PID:2272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 236
        32⤵
        Program crash
        
        PID:2012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 236
        31⤵
        Program crash
        
        PID:1712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 236
        30⤵
        Program crash
        
        PID:2164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 236
        29⤵
        Program crash
        
        PID:1152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 236
        28⤵
        Program crash
        
        PID:452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 236
        27⤵
        Program crash
        
        PID:1780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
        26⤵
        Program crash
        
        PID:1828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 236
        25⤵
        Program crash
        
        PID:1964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 236
        24⤵
        Program crash
        
        PID:2984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
        23⤵
        Program crash
        
        PID:2772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 236
        22⤵
        Program crash
        
        PID:1836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 236
        21⤵
        Program crash
        
        PID:2824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 236
        20⤵
        Program crash
        
        PID:2628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 236
        19⤵
        Program crash
        
        PID:1972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 236
        18⤵
        Program crash
        
        PID:1604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 236
        17⤵
        Program crash
        
        PID:1416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 236
        16⤵
        Program crash
        
        PID:3020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 236
        15⤵
        Program crash
        
        PID:1940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 236
        14⤵
        Program crash
        
        PID:2140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 236
        13⤵
        Program crash
        
        PID:684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
        12⤵
        Program crash
        
        PID:580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 236
        11⤵
        Program crash
        
        PID:696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 236
        10⤵
        Program crash
        
        PID:1708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 236
        9⤵
        Loads dropped DLL
        Program crash
        
        PID:400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 236
        8⤵
        Loads dropped DLL
        Program crash
        
        PID:2676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 236
        7⤵
        Loads dropped DLL
        Program crash
        
        PID:780
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:2948
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 236
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2492
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:2456
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 236
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2868
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 236
  2⤵
  - Program crash
  PID:2216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-45061.exe

Filesize
184KB

MD5
fe7ed8dd189c3685ba3d714a7b363859

SHA1
ab4fc03960c2bc53cecc63fc8137ccd7e96d687f

SHA256
5fa8b7b61845f3e2ebdd23aad9357b787a3eee54c4b4ba6385230ea4bcacd59d

SHA512
3b4eb286b8e121ccc28e0075dad124dec54f3e449cd79c7921386eaf48a118e4142597e9de10ceb58d14f81f2a6906a9956b8e882cef5b8077cc4a32bacebc69

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5938.exe

Filesize
184KB

MD5
51f9f52ea60c910ca91a18d035ee26e2

SHA1
8f8a2a5ca7af92cdf1665c56f070f41f39dec946

SHA256
d97b75ade0407ef42c5813a78ce50e532898154e2b4b3c7b8927377f2b6fafb8

SHA512
08c48c9de37ef0055fd745da06c56d78fe67d81a10010d1b7554294779afe64e7a9380a73bc59d9f6d504e669c153b3ed3849851d62298792dff9b66fcbf3400

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6743.exe

Filesize
184KB

MD5
bc3e750d0c25d30cfbfff8440c20e898

SHA1
177da9993d6124582e14db4d0f57f875ab5e1cd0

SHA256
cc46827388d20a402b93dc888a8333837f471bd346cb67cea2b5ce1630b719c3

SHA512
635bad09af31ad4bfce50c06dd8c5b49f7548e95361e6eacd81fdd5bcc6f23c903e67b1a34190da4f5d3c6cb00c135dc8d003711a20c86c0de0c581e63fa3de1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21839.exe

Filesize
184KB

MD5
16cebb5ba70d7282a2f0c8987ad0969b

SHA1
4adccc1844d1763fcc0c68a81a01a879b9fc8c95

SHA256
bdd77c792c48c1db9ecd39f7444e22c56efdcda9f62c3ea903ece03b4133ec7b

SHA512
37132893575b489ae77592f5ce6eb3a8d0a5276b82afd346cd963866115df2aa9d68b6dad1780984f539adc997c3afe0eb44cb6ba1859735774314324dc58392

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36182.exe

Filesize
184KB

MD5
e19f8fe364f66fb4bad718f260fafb68

SHA1
68c21efba953d194ef126cb6423005964c3eb54c

SHA256
0d0d356f9ee4419fc61cf97b6975ebb8d639640eb958f2f380df87a7f12e77e6

SHA512
5a89c7752e426834a1ffeab4eb2e93b606c70d043eefd7a3e02661efa92bd93c4344fab16dce0298762eb546a4045f754724fcc4f78bf17623b3ec36caa85fef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4137.exe

Filesize
184KB

MD5
f077fd246703c3de6b3d4a8de72cba68

SHA1
633942e03c546723a3be336d2621a21704a4ae33

SHA256
a2c8ac5bf6a70b8ca41f0534d4370147ce690804218d08e95615bb219758b83f

SHA512
89b58a4c588e09a33a1f714754deebb4662cd737be00c3b6a08f0a164a9bb7494aa0c27597d3b78e2f112e5f622b6d083b886bcdb944f0f26fd658f2fea58b5e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45549.exe

Filesize
184KB

MD5
2684cb4d7b39b8175847ffec421c4eb9

SHA1
40ebf45886d8323fbb19083709f6d5d23526c8c5

SHA256
02ff164466a55e5554408556c6450c13c77e900f82774c3e850bfc170eeab8e1

SHA512
ef4ee4f5e885e6b038d5d1f75712517f197b41045fe5d49c4bff7d3e1f183a56aa3720c4c1d3f0624180706edbf6dcc5c68077d1938fb122e9b12efd36913c5b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe

Filesize
184KB

MD5
1d15014fbf47fe6c92b726aed8a7a4a0

SHA1
701b9e3a54aeb68c6bce3bf567ce0f04167a698a

SHA256
852bbe60a67406e8ce002dc21187b8dc194c3eb9bbec03597771cdeb64b994e3

SHA512
7976adf3f758f9c99967dca14066da32fe371f3841aac8beef0c6e86eda98f592a68b8fc0aff7ffbd3ed49863ad7c83531d3e096d8075be81593c803d0ac1802

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60603.exe

Filesize
184KB

MD5
4568802fd624d577fa936437cbbb9ab4

SHA1
18acb2f0c7a127643433f7e777b8a3c4c7014aca

SHA256
fe703fa1bae8901a7586725960680dd8b892fe12963ab26b54f1ee46ac970acb

SHA512
13c131420996889ff297e5c107aeee2a31ffcb41d5ee90a00621b753ac0f0c23fc874ea4496d54c164f8f3fe12ce44ab789003f93385b5983c32cac55795a18f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads