71b938bf24f16621aed288fc52a8e02dd3620fc552c4840388c230257b776763

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
02-06-2024 23:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

71b938bf24f16621aed288fc52a8e02dd3620fc552c4840388c230257b776763.exe
Size

184KB
MD5

56b2a57365e053160fec5bebe0830540
SHA1

cf40a8f3e47c9f290525a8564c5c714dd2bd9ca9
SHA256

71b938bf24f16621aed288fc52a8e02dd3620fc552c4840388c230257b776763
SHA512

c0c4ac51c7c327f51898257f39dc83d09630439919495596b9c4495f7d1ddfce848982348aa41bbc805f17823d9a64961aecbb5967c4f2ed7bbc28c4cdcdabbd
SSDEEP

3072:9Xr63konGGkCzVXZWPEn8n/zrlvnqWxiuY:9XNoskVX98/zrlPqWxiu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 33 IoCs

pid	Process
1612	Unicorn-62188.exe
2572	Unicorn-18032.exe
2680	Unicorn-32469.exe
2436	Unicorn-55110.exe
2476	Unicorn-11337.exe
1996	Unicorn-3252.exe
1204	Unicorn-8488.exe
868	Unicorn-33712.exe
2092	Unicorn-25627.exe
2396	Unicorn-34947.exe
2076	Unicorn-30946.exe
568	Unicorn-53779.exe
1080	Unicorn-20085.exe
1388	Unicorn-7915.exe
1396	Unicorn-38725.exe
2356	Unicorn-8958.exe
2932	Unicorn-4957.exe
1664	Unicorn-44968.exe
2640	Unicorn-37075.exe
2368	Unicorn-33074.exe
1532	Unicorn-42394.exe
2012	Unicorn-34309.exe
2760	Unicorn-10427.exe
2176	Unicorn-19748.exe
1212	Unicorn-50557.exe
2292	Unicorn-11745.exe
2604	Unicorn-21258.exe
640	Unicorn-13172.exe
2216	Unicorn-36847.exe
2948	Unicorn-63572.exe
1976	Unicorn-28653.exe
2780	Unicorn-64615.exe
2468	Unicorn-60614.exe

Loads dropped DLL 64 IoCs

pid	Process
1520	71b938bf24f16621aed288fc52a8e02dd3620fc552c4840388c230257b776763.exe
1520	71b938bf24f16621aed288fc52a8e02dd3620fc552c4840388c230257b776763.exe
1612	Unicorn-62188.exe
1612	Unicorn-62188.exe
2568	WerFault.exe
2568	WerFault.exe
2568	WerFault.exe
2568	WerFault.exe
2568	WerFault.exe
2568	WerFault.exe
2568	WerFault.exe
2572	Unicorn-18032.exe
2572	Unicorn-18032.exe
2660	WerFault.exe
2660	WerFault.exe
2660	WerFault.exe
2660	WerFault.exe
2660	WerFault.exe
2680	Unicorn-32469.exe
2680	Unicorn-32469.exe
2868	WerFault.exe
2868	WerFault.exe
2868	WerFault.exe
2868	WerFault.exe
2868	WerFault.exe
2868	WerFault.exe
2868	WerFault.exe
2436	Unicorn-55110.exe
2436	Unicorn-55110.exe
2732	WerFault.exe
2732	WerFault.exe
2732	WerFault.exe
2732	WerFault.exe
2732	WerFault.exe
2732	WerFault.exe
2732	WerFault.exe
2476	Unicorn-11337.exe
2476	Unicorn-11337.exe
2196	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
1996	Unicorn-3252.exe
1996	Unicorn-3252.exe
1832	WerFault.exe
1832	WerFault.exe
1832	WerFault.exe
1832	WerFault.exe
1832	WerFault.exe
1204	Unicorn-8488.exe
1204	Unicorn-8488.exe
1368	WerFault.exe
1368	WerFault.exe
1368	WerFault.exe
1368	WerFault.exe
1368	WerFault.exe
868	Unicorn-33712.exe
868	Unicorn-33712.exe
2272	WerFault.exe
2272	WerFault.exe
2272	WerFault.exe
2272	WerFault.exe
2272	WerFault.exe

Program crash 34 IoCs

pid	pid_target	Process	procid_target
2124	1520	WerFault.exe	27
2568	1612	WerFault.exe	28
2660	2572	WerFault.exe	30
2868	2680	WerFault.exe	32
2732	2436	WerFault.exe	34
2196	2476	WerFault.exe	36
1832	1996	WerFault.exe	38
1368	1204	WerFault.exe	40
2272	868	WerFault.exe	42
2648	2092	WerFault.exe	44
1364	2396	WerFault.exe	46
2376	2076	WerFault.exe	48
3024	568	WerFault.exe	50
1980	1080	WerFault.exe	52
1372	1388	WerFault.exe	54
1696	1396	WerFault.exe	58
1924	2356	WerFault.exe	60
1044	2932	WerFault.exe	62
2520	1664	WerFault.exe	64
2380	2640	WerFault.exe	66
1652	2368	WerFault.exe	68
2712	1532	WerFault.exe	70
2208	2012	WerFault.exe	72
1760	2760	WerFault.exe	74
544	2176	WerFault.exe	76
812	1212	WerFault.exe	78
596	2292	WerFault.exe	80
2112	2604	WerFault.exe	82
2812	640	WerFault.exe	84
2840	2216	WerFault.exe	86
2696	2948	WerFault.exe	88
2504	1976	WerFault.exe	90
2904	2780	WerFault.exe	92
308	2468	WerFault.exe	94

Suspicious use of SetWindowsHookEx 34 IoCs

pid	Process
1520	71b938bf24f16621aed288fc52a8e02dd3620fc552c4840388c230257b776763.exe
1612	Unicorn-62188.exe
2572	Unicorn-18032.exe
2680	Unicorn-32469.exe
2436	Unicorn-55110.exe
2476	Unicorn-11337.exe
1996	Unicorn-3252.exe
1204	Unicorn-8488.exe
868	Unicorn-33712.exe
2092	Unicorn-25627.exe
2396	Unicorn-34947.exe
2076	Unicorn-30946.exe
568	Unicorn-53779.exe
1080	Unicorn-20085.exe
1388	Unicorn-7915.exe
1396	Unicorn-38725.exe
2356	Unicorn-8958.exe
2932	Unicorn-4957.exe
1664	Unicorn-44968.exe
2640	Unicorn-37075.exe
2368	Unicorn-33074.exe
1532	Unicorn-42394.exe
2012	Unicorn-34309.exe
2760	Unicorn-10427.exe
2176	Unicorn-19748.exe
1212	Unicorn-50557.exe
2292	Unicorn-11745.exe
2604	Unicorn-21258.exe
640	Unicorn-13172.exe
2216	Unicorn-36847.exe
2948	Unicorn-63572.exe
1976	Unicorn-28653.exe
2780	Unicorn-64615.exe
2468	Unicorn-60614.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 1612	1520	71b938bf24f16621aed288fc52a8e02dd3620fc552c4840388c230257b776763.exe	28
PID 1520 wrote to memory of 1612	1520	71b938bf24f16621aed288fc52a8e02dd3620fc552c4840388c230257b776763.exe	28
PID 1520 wrote to memory of 1612	1520	71b938bf24f16621aed288fc52a8e02dd3620fc552c4840388c230257b776763.exe	28
PID 1520 wrote to memory of 1612	1520	71b938bf24f16621aed288fc52a8e02dd3620fc552c4840388c230257b776763.exe	28
PID 1520 wrote to memory of 2124	1520	71b938bf24f16621aed288fc52a8e02dd3620fc552c4840388c230257b776763.exe	29
PID 1520 wrote to memory of 2124	1520	71b938bf24f16621aed288fc52a8e02dd3620fc552c4840388c230257b776763.exe	29
PID 1520 wrote to memory of 2124	1520	71b938bf24f16621aed288fc52a8e02dd3620fc552c4840388c230257b776763.exe	29
PID 1520 wrote to memory of 2124	1520	71b938bf24f16621aed288fc52a8e02dd3620fc552c4840388c230257b776763.exe	29
PID 1612 wrote to memory of 2572	1612	Unicorn-62188.exe	30
PID 1612 wrote to memory of 2572	1612	Unicorn-62188.exe	30
PID 1612 wrote to memory of 2572	1612	Unicorn-62188.exe	30
PID 1612 wrote to memory of 2572	1612	Unicorn-62188.exe	30
PID 1612 wrote to memory of 2568	1612	Unicorn-62188.exe	31
PID 1612 wrote to memory of 2568	1612	Unicorn-62188.exe	31
PID 1612 wrote to memory of 2568	1612	Unicorn-62188.exe	31
PID 1612 wrote to memory of 2568	1612	Unicorn-62188.exe	31
PID 2572 wrote to memory of 2680	2572	Unicorn-18032.exe	32
PID 2572 wrote to memory of 2680	2572	Unicorn-18032.exe	32
PID 2572 wrote to memory of 2680	2572	Unicorn-18032.exe	32
PID 2572 wrote to memory of 2680	2572	Unicorn-18032.exe	32
PID 2572 wrote to memory of 2660	2572	Unicorn-18032.exe	33
PID 2572 wrote to memory of 2660	2572	Unicorn-18032.exe	33
PID 2572 wrote to memory of 2660	2572	Unicorn-18032.exe	33
PID 2572 wrote to memory of 2660	2572	Unicorn-18032.exe	33
PID 2680 wrote to memory of 2436	2680	Unicorn-32469.exe	34
PID 2680 wrote to memory of 2436	2680	Unicorn-32469.exe	34
PID 2680 wrote to memory of 2436	2680	Unicorn-32469.exe	34
PID 2680 wrote to memory of 2436	2680	Unicorn-32469.exe	34
PID 2680 wrote to memory of 2868	2680	Unicorn-32469.exe	35
PID 2680 wrote to memory of 2868	2680	Unicorn-32469.exe	35
PID 2680 wrote to memory of 2868	2680	Unicorn-32469.exe	35
PID 2680 wrote to memory of 2868	2680	Unicorn-32469.exe	35
PID 2436 wrote to memory of 2476	2436	Unicorn-55110.exe	36
PID 2436 wrote to memory of 2476	2436	Unicorn-55110.exe	36
PID 2436 wrote to memory of 2476	2436	Unicorn-55110.exe	36
PID 2436 wrote to memory of 2476	2436	Unicorn-55110.exe	36
PID 2436 wrote to memory of 2732	2436	Unicorn-55110.exe	37
PID 2436 wrote to memory of 2732	2436	Unicorn-55110.exe	37
PID 2436 wrote to memory of 2732	2436	Unicorn-55110.exe	37
PID 2436 wrote to memory of 2732	2436	Unicorn-55110.exe	37
PID 2476 wrote to memory of 1996	2476	Unicorn-11337.exe	38
PID 2476 wrote to memory of 1996	2476	Unicorn-11337.exe	38
PID 2476 wrote to memory of 1996	2476	Unicorn-11337.exe	38
PID 2476 wrote to memory of 1996	2476	Unicorn-11337.exe	38
PID 2476 wrote to memory of 2196	2476	Unicorn-11337.exe	39
PID 2476 wrote to memory of 2196	2476	Unicorn-11337.exe	39
PID 2476 wrote to memory of 2196	2476	Unicorn-11337.exe	39
PID 2476 wrote to memory of 2196	2476	Unicorn-11337.exe	39
PID 1996 wrote to memory of 1204	1996	Unicorn-3252.exe	40
PID 1996 wrote to memory of 1204	1996	Unicorn-3252.exe	40
PID 1996 wrote to memory of 1204	1996	Unicorn-3252.exe	40
PID 1996 wrote to memory of 1204	1996	Unicorn-3252.exe	40
PID 1996 wrote to memory of 1832	1996	Unicorn-3252.exe	41
PID 1996 wrote to memory of 1832	1996	Unicorn-3252.exe	41
PID 1996 wrote to memory of 1832	1996	Unicorn-3252.exe	41
PID 1996 wrote to memory of 1832	1996	Unicorn-3252.exe	41
PID 1204 wrote to memory of 868	1204	Unicorn-8488.exe	42
PID 1204 wrote to memory of 868	1204	Unicorn-8488.exe	42
PID 1204 wrote to memory of 868	1204	Unicorn-8488.exe	42
PID 1204 wrote to memory of 868	1204	Unicorn-8488.exe	42
PID 1204 wrote to memory of 1368	1204	Unicorn-8488.exe	43
PID 1204 wrote to memory of 1368	1204	Unicorn-8488.exe	43
PID 1204 wrote to memory of 1368	1204	Unicorn-8488.exe	43
PID 1204 wrote to memory of 1368	1204	Unicorn-8488.exe	43

C:\Users\Admin\AppData\Local\Temp\71b938bf24f16621aed288fc52a8e02dd3620fc552c4840388c230257b776763.exe
"C:\Users\Admin\AppData\Local\Temp\71b938bf24f16621aed288fc52a8e02dd3620fc552c4840388c230257b776763.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1520
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62188.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62188.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18032.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18032.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32469.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55110.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11337.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3252.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8488.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25627.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34947.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30946.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53779.exe
        13⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20085.exe
        14⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7915.exe
        15⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38725.exe
        16⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8958.exe
        17⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4957.exe
        18⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44968.exe
        19⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37075.exe
        20⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33074.exe
        21⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42394.exe
        22⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34309.exe
        23⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10427.exe
        24⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19748.exe
        25⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50557.exe
        26⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11745.exe
        27⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21258.exe
        28⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13172.exe
        29⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36847.exe
        30⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63572.exe
        31⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28653.exe
        32⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64615.exe
        33⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60614.exe
        34⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 320
        35⤵
        Program crash
        
        PID:308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 236
        34⤵
        Program crash
        
        PID:2904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 236
        33⤵
        Program crash
        
        PID:2504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 236
        32⤵
        Program crash
        
        PID:2696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 236
        31⤵
        Program crash
        
        PID:2840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 236
        30⤵
        Program crash
        
        PID:2812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 236
        29⤵
        Program crash
        
        PID:2112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 236
        28⤵
        Program crash
        
        PID:596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 236
        27⤵
        Program crash
        
        PID:812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 236
        26⤵
        Program crash
        
        PID:544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 236
        25⤵
        Program crash
        
        PID:1760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 236
        24⤵
        Program crash
        
        PID:2208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 236
        23⤵
        Program crash
        
        PID:2712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 236
        22⤵
        Program crash
        
        PID:1652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 236
        21⤵
        Program crash
        
        PID:2380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 236
        20⤵
        Program crash
        
        PID:2520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 236
        19⤵
        Program crash
        
        PID:1044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 236
        18⤵
        Program crash
        
        PID:1924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 236
        17⤵
        Program crash
        
        PID:1696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 236
        16⤵
        Program crash
        
        PID:1372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 236
        15⤵
        Program crash
        
        PID:1980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 236
        14⤵
        Program crash
        
        PID:3024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 236
        13⤵
        Program crash
        
        PID:2376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 236
        12⤵
        Program crash
        
        PID:1364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 236
        11⤵
        Program crash
        
        PID:2648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 236
        10⤵
        Loads dropped DLL
        Program crash
        
        PID:2272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 236
        9⤵
        Loads dropped DLL
        Program crash
        
        PID:1368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 236
        8⤵
        Loads dropped DLL
        Program crash
        
        PID:1832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 236
        7⤵
        Loads dropped DLL
        Program crash
        
        PID:2196
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 236
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:2732
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 236
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2868
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:2660
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 236
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2568
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 236
  2⤵
  - Program crash
  PID:2124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\Unicorn-11337.exe

Filesize
184KB

MD5
f9991501abe95e5dc373b8b9c1b792b4

SHA1
973b691abd2234e074f1439323c44d91896a1e0b

SHA256
7fa790edd01ccf953c8b6ba67cd1675ae5d3e53322a48e24b9d1868e3793aaab

SHA512
aba7414eccfb419d89c9b21dc86fbb3e20d14d8f689904d81917f6fa246a169a606ae44a0b2bfbf3101668b222ab229a33c2b3a78709c27b4ba6c86e51500903

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18032.exe

Filesize
184KB

MD5
ed7338c72c295c46afca43749e00970f

SHA1
446ca22a80071e7af8a2b5973fcbfa9c310750be

SHA256
daf064b42260d47e4298a46a1b50062e857753997a10361d9c902beb2fda37f3

SHA512
73b41da8bfe4b88bcdff0c73e66f66a99bba86b89fa4b2bf4ff9f80ddec12a295518b10b84a0438e272aad92f4ab5efedf856162e1377a7f6e137212764bb452

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32469.exe

Filesize
184KB

MD5
cee98a7a3086d0c9ea66d965d700a800

SHA1
5677fdf968440f75322e6b898669a7829e5b3db6

SHA256
b2a0a5cb138163fdb00ea22906c77ed94d0035b58c9f2725dae2c7cb0a5bf75f

SHA512
8e1589085522c93d1f054f089092e0ec973d5c1338f1943ce14366fc8e768eb9fef65127bf522f7bc5890377bba42da3d4bd5416e0f2d65536347ad3efc807ae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3252.exe

Filesize
184KB

MD5
338843f7028575e3a081da2b8bf7b23f

SHA1
c066eeb6f5ffdbcc82964a5f0017dd25ca9d14d5

SHA256
0acaacf0ccbff21f3aea19e2a7348b770b6ebc6ba406d802d26d6cc621765029

SHA512
8932612ce37ed16d14ec4e9e055a7a80c8d6601f32fd4cef45d7caf1e14e866c9fc04f9cc74b7f77529dd1169860bd8c85f5d788a95352a1e4a18611fed490b3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55110.exe

Filesize
184KB

MD5
6454d0fc41a7d623f08207fc9c1e5328

SHA1
df0b368205713473d872ff2c964c9d917e8bf871

SHA256
03c50b06467da4800835060e2cc2d921f7615070ad623478563f2a92531a905a

SHA512
1359528df4b75a50e8c4828379b46dfb51b330618b10687807bab9208aa6561240e7b3bb3c19f768d146cee3f5e749a23f645bd36cc479922ca72cf90f7fd6ed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62188.exe

Filesize
184KB

MD5
05b3b329fb1ff0d4fb5d198ee16ab74d

SHA1
96050638901efb64c805163700f63d8f24f74a70

SHA256
3422d1e4f010360ce8c026957340fa4fca2444c418d1c14892cf4b6bb547b0e4

SHA512
6f9b4c7002675791095ee1399168980f50d74395423365d4ceba255ef23a1b8fe2dee5495e138a2699377fd8b0baf2993faa7f48d709c5cec894de669924adae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8488.exe

Filesize
184KB

MD5
26a7c6170a1203d99b1f69142e35cc19

SHA1
a3ad02374b2bff1f2a95366630c910864da84f4a

SHA256
a940bc91a6b77f913343adaf89db471e2231d71f66c2a7e188d966f1169b1c74

SHA512
617f2d3903053c9c779316ba33a7112d21b1da53a5445b68354361170279d64abf850d35429a2a05a4a67f86b0a377d9ed9ad963dd1a4a91b12b126fb639ed12

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads