2d6cf7c09c0bccc88ce65eda512faf90c28f08bdfac00d839a09a54c700599fb

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
04/06/2024, 03:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

259a2dbc4a529ed9c92b03e8ff369eb0_NeikiAnalytics.exe
Size

184KB
MD5

259a2dbc4a529ed9c92b03e8ff369eb0
SHA1

bd81e5ddbbd96bd2e6e10f7b041d04c8089984be
SHA256

2d6cf7c09c0bccc88ce65eda512faf90c28f08bdfac00d839a09a54c700599fb
SHA512

643ded88e8da43e7772c7e1b94dedb59e5303d004ca9ddb7a032bf731b4b209d29c93e7327abaf9ff190e4de80ab2c58fac35e5fb258ec10d5f6e4a12b99c133
SSDEEP

3072:4IDAcXonKlipdXuwWqWFRnypLlvnqntiuA:4IzohnXuxRypLlPqntiu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 49 IoCs

pid	Process
3020	Unicorn-46307.exe
2876	Unicorn-9301.exe
2716	Unicorn-35716.exe
2364	Unicorn-59779.exe
2744	Unicorn-56575.exe
1848	Unicorn-52242.exe
1540	Unicorn-42912.exe
2036	Unicorn-1822.exe
1908	Unicorn-50738.exe
1928	Unicorn-49537.exe
664	Unicorn-42189.exe
2428	Unicorn-16331.exe
1176	Unicorn-61198.exe
1516	Unicorn-24157.exe
2372	Unicorn-43355.exe
2068	Unicorn-24788.exe
1672	Unicorn-34845.exe
2260	Unicorn-35686.exe
2868	Unicorn-4710.exe
2404	Unicorn-18912.exe
2556	Unicorn-28969.exe
2820	Unicorn-10209.exe
1800	Unicorn-12098.exe
1452	Unicorn-9867.exe
1120	Unicorn-36261.exe
1632	Unicorn-4333.exe
1404	Unicorn-10654.exe
408	Unicorn-53384.exe
2008	Unicorn-51153.exe
904	Unicorn-61210.exe
2076	Unicorn-34379.exe
2784	Unicorn-61841.exe
2416	Unicorn-42205.exe
2816	Unicorn-52262.exe
1576	Unicorn-28407.exe
1920	Unicorn-19017.exe
968	Unicorn-55680.exe
1480	Unicorn-46578.exe
356	Unicorn-18774.exe
2508	Unicorn-2188.exe
1568	Unicorn-22420.exe
2972	Unicorn-5834.exe
2900	Unicorn-16925.exe
2852	Unicorn-24865.exe
1412	Unicorn-8279.exe
2184	Unicorn-52138.exe
2860	Unicorn-3757.exe
2560	Unicorn-23016.exe
2656	Unicorn-7499.exe

Loads dropped DLL 64 IoCs

pid	Process
3012	259a2dbc4a529ed9c92b03e8ff369eb0_NeikiAnalytics.exe
3012	259a2dbc4a529ed9c92b03e8ff369eb0_NeikiAnalytics.exe
3020	Unicorn-46307.exe
3020	Unicorn-46307.exe
2000	WerFault.exe
2000	WerFault.exe
2000	WerFault.exe
2000	WerFault.exe
2000	WerFault.exe
2876	Unicorn-9301.exe
2876	Unicorn-9301.exe
2524	WerFault.exe
2524	WerFault.exe
2524	WerFault.exe
2524	WerFault.exe
2524	WerFault.exe
2716	Unicorn-35716.exe
2716	Unicorn-35716.exe
3000	WerFault.exe
3000	WerFault.exe
3000	WerFault.exe
3000	WerFault.exe
3000	WerFault.exe
2364	Unicorn-59779.exe
2364	Unicorn-59779.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2744	Unicorn-56575.exe
2744	Unicorn-56575.exe
1792	WerFault.exe
1792	WerFault.exe
1792	WerFault.exe
1792	WerFault.exe
1792	WerFault.exe
1848	Unicorn-52242.exe
1848	Unicorn-52242.exe
2464	WerFault.exe
2464	WerFault.exe
2464	WerFault.exe
2464	WerFault.exe
2464	WerFault.exe
1540	Unicorn-42912.exe
1540	Unicorn-42912.exe
2992	WerFault.exe
2992	WerFault.exe
2992	WerFault.exe
2992	WerFault.exe
2992	WerFault.exe
2036	Unicorn-1822.exe
2036	Unicorn-1822.exe
344	WerFault.exe
344	WerFault.exe
344	WerFault.exe
344	WerFault.exe
344	WerFault.exe
1908	Unicorn-50738.exe
1908	Unicorn-50738.exe
332	WerFault.exe
332	WerFault.exe
332	WerFault.exe
332	WerFault.exe

Program crash 48 IoCs

pid	pid_target	Process	procid_target
2268	3012	WerFault.exe	27
2000	3020	WerFault.exe	28
2524	2876	WerFault.exe	30
3000	2716	WerFault.exe	32
2836	2364	WerFault.exe	34
1792	2744	WerFault.exe	36
2464	1848	WerFault.exe	38
2992	1540	WerFault.exe	40
344	2036	WerFault.exe	42
332	1908	WerFault.exe	44
2456	1928	WerFault.exe	46
2216	664	WerFault.exe	48
1448	2428	WerFault.exe	50
1544	1176	WerFault.exe	52
2368	1516	WerFault.exe	54
1732	2372	WerFault.exe	58
1532	2068	WerFault.exe	60
2748	1672	WerFault.exe	62
2640	2260	WerFault.exe	64
2756	2868	WerFault.exe	66
1860	2404	WerFault.exe	68
2724	2556	WerFault.exe	70
1276	2820	WerFault.exe	72
2548	1800	WerFault.exe	74
2020	1452	WerFault.exe	76
2028	1120	WerFault.exe	78
576	1632	WerFault.exe	80
780	1404	WerFault.exe	82
2380	408	WerFault.exe	84
1520	2008	WerFault.exe	86
2684	904	WerFault.exe	88
2648	2076	WerFault.exe	90
956	2784	WerFault.exe	92
2704	2416	WerFault.exe	94
2192	2816	WerFault.exe	96
2144	1576	WerFault.exe	98
1704	1920	WerFault.exe	100
1896	968	WerFault.exe	102
2864	1480	WerFault.exe	104
2212	356	WerFault.exe	106
880	2508	WerFault.exe	108
2576	1568	WerFault.exe	110
2300	2972	WerFault.exe	112
2692	2900	WerFault.exe	114
2828	2852	WerFault.exe	116
940	1412	WerFault.exe	118
1664	2184	WerFault.exe	120
2740	2860	WerFault.exe	122

Suspicious use of SetWindowsHookEx 49 IoCs

pid	Process
3012	259a2dbc4a529ed9c92b03e8ff369eb0_NeikiAnalytics.exe
3020	Unicorn-46307.exe
2876	Unicorn-9301.exe
2716	Unicorn-35716.exe
2364	Unicorn-59779.exe
2744	Unicorn-56575.exe
1848	Unicorn-52242.exe
1540	Unicorn-42912.exe
2036	Unicorn-1822.exe
1908	Unicorn-50738.exe
1928	Unicorn-49537.exe
664	Unicorn-42189.exe
2428	Unicorn-16331.exe
1176	Unicorn-61198.exe
1516	Unicorn-24157.exe
2372	Unicorn-43355.exe
2068	Unicorn-24788.exe
1672	Unicorn-34845.exe
2260	Unicorn-35686.exe
2868	Unicorn-4710.exe
2404	Unicorn-18912.exe
2556	Unicorn-28969.exe
2820	Unicorn-10209.exe
1800	Unicorn-12098.exe
1452	Unicorn-9867.exe
1120	Unicorn-36261.exe
1632	Unicorn-4333.exe
1404	Unicorn-10654.exe
408	Unicorn-53384.exe
2008	Unicorn-51153.exe
904	Unicorn-61210.exe
2076	Unicorn-34379.exe
2784	Unicorn-61841.exe
2416	Unicorn-42205.exe
2816	Unicorn-52262.exe
1576	Unicorn-28407.exe
1920	Unicorn-19017.exe
968	Unicorn-55680.exe
1480	Unicorn-46578.exe
356	Unicorn-18774.exe
2508	Unicorn-2188.exe
1568	Unicorn-22420.exe
2972	Unicorn-5834.exe
2900	Unicorn-16925.exe
2852	Unicorn-24865.exe
1412	Unicorn-8279.exe
2184	Unicorn-52138.exe
2860	Unicorn-3757.exe
2560	Unicorn-23016.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 3020	3012	259a2dbc4a529ed9c92b03e8ff369eb0_NeikiAnalytics.exe	28
PID 3012 wrote to memory of 3020	3012	259a2dbc4a529ed9c92b03e8ff369eb0_NeikiAnalytics.exe	28
PID 3012 wrote to memory of 3020	3012	259a2dbc4a529ed9c92b03e8ff369eb0_NeikiAnalytics.exe	28
PID 3012 wrote to memory of 3020	3012	259a2dbc4a529ed9c92b03e8ff369eb0_NeikiAnalytics.exe	28
PID 3012 wrote to memory of 2268	3012	259a2dbc4a529ed9c92b03e8ff369eb0_NeikiAnalytics.exe	29
PID 3012 wrote to memory of 2268	3012	259a2dbc4a529ed9c92b03e8ff369eb0_NeikiAnalytics.exe	29
PID 3012 wrote to memory of 2268	3012	259a2dbc4a529ed9c92b03e8ff369eb0_NeikiAnalytics.exe	29
PID 3012 wrote to memory of 2268	3012	259a2dbc4a529ed9c92b03e8ff369eb0_NeikiAnalytics.exe	29
PID 3020 wrote to memory of 2876	3020	Unicorn-46307.exe	30
PID 3020 wrote to memory of 2876	3020	Unicorn-46307.exe	30
PID 3020 wrote to memory of 2876	3020	Unicorn-46307.exe	30
PID 3020 wrote to memory of 2876	3020	Unicorn-46307.exe	30
PID 3020 wrote to memory of 2000	3020	Unicorn-46307.exe	31
PID 3020 wrote to memory of 2000	3020	Unicorn-46307.exe	31
PID 3020 wrote to memory of 2000	3020	Unicorn-46307.exe	31
PID 3020 wrote to memory of 2000	3020	Unicorn-46307.exe	31
PID 2876 wrote to memory of 2716	2876	Unicorn-9301.exe	32
PID 2876 wrote to memory of 2716	2876	Unicorn-9301.exe	32
PID 2876 wrote to memory of 2716	2876	Unicorn-9301.exe	32
PID 2876 wrote to memory of 2716	2876	Unicorn-9301.exe	32
PID 2876 wrote to memory of 2524	2876	Unicorn-9301.exe	33
PID 2876 wrote to memory of 2524	2876	Unicorn-9301.exe	33
PID 2876 wrote to memory of 2524	2876	Unicorn-9301.exe	33
PID 2876 wrote to memory of 2524	2876	Unicorn-9301.exe	33
PID 2716 wrote to memory of 2364	2716	Unicorn-35716.exe	34
PID 2716 wrote to memory of 2364	2716	Unicorn-35716.exe	34
PID 2716 wrote to memory of 2364	2716	Unicorn-35716.exe	34
PID 2716 wrote to memory of 2364	2716	Unicorn-35716.exe	34
PID 2716 wrote to memory of 3000	2716	Unicorn-35716.exe	35
PID 2716 wrote to memory of 3000	2716	Unicorn-35716.exe	35
PID 2716 wrote to memory of 3000	2716	Unicorn-35716.exe	35
PID 2716 wrote to memory of 3000	2716	Unicorn-35716.exe	35
PID 2364 wrote to memory of 2744	2364	Unicorn-59779.exe	36
PID 2364 wrote to memory of 2744	2364	Unicorn-59779.exe	36
PID 2364 wrote to memory of 2744	2364	Unicorn-59779.exe	36
PID 2364 wrote to memory of 2744	2364	Unicorn-59779.exe	36
PID 2364 wrote to memory of 2836	2364	Unicorn-59779.exe	37
PID 2364 wrote to memory of 2836	2364	Unicorn-59779.exe	37
PID 2364 wrote to memory of 2836	2364	Unicorn-59779.exe	37
PID 2364 wrote to memory of 2836	2364	Unicorn-59779.exe	37
PID 2744 wrote to memory of 1848	2744	Unicorn-56575.exe	38
PID 2744 wrote to memory of 1848	2744	Unicorn-56575.exe	38
PID 2744 wrote to memory of 1848	2744	Unicorn-56575.exe	38
PID 2744 wrote to memory of 1848	2744	Unicorn-56575.exe	38
PID 2744 wrote to memory of 1792	2744	Unicorn-56575.exe	39
PID 2744 wrote to memory of 1792	2744	Unicorn-56575.exe	39
PID 2744 wrote to memory of 1792	2744	Unicorn-56575.exe	39
PID 2744 wrote to memory of 1792	2744	Unicorn-56575.exe	39
PID 1848 wrote to memory of 1540	1848	Unicorn-52242.exe	40
PID 1848 wrote to memory of 1540	1848	Unicorn-52242.exe	40
PID 1848 wrote to memory of 1540	1848	Unicorn-52242.exe	40
PID 1848 wrote to memory of 1540	1848	Unicorn-52242.exe	40
PID 1848 wrote to memory of 2464	1848	Unicorn-52242.exe	41
PID 1848 wrote to memory of 2464	1848	Unicorn-52242.exe	41
PID 1848 wrote to memory of 2464	1848	Unicorn-52242.exe	41
PID 1848 wrote to memory of 2464	1848	Unicorn-52242.exe	41
PID 1540 wrote to memory of 2036	1540	Unicorn-42912.exe	42
PID 1540 wrote to memory of 2036	1540	Unicorn-42912.exe	42
PID 1540 wrote to memory of 2036	1540	Unicorn-42912.exe	42
PID 1540 wrote to memory of 2036	1540	Unicorn-42912.exe	42
PID 1540 wrote to memory of 2992	1540	Unicorn-42912.exe	43
PID 1540 wrote to memory of 2992	1540	Unicorn-42912.exe	43
PID 1540 wrote to memory of 2992	1540	Unicorn-42912.exe	43
PID 1540 wrote to memory of 2992	1540	Unicorn-42912.exe	43

C:\Users\Admin\AppData\Local\Temp\259a2dbc4a529ed9c92b03e8ff369eb0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\259a2dbc4a529ed9c92b03e8ff369eb0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46307.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46307.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9301.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9301.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35716.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59779.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56575.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52242.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42912.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1822.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50738.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49537.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42189.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16331.exe
        13⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61198.exe
        14⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24157.exe
        15⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43355.exe
        16⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
        17⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34845.exe
        18⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35686.exe
        19⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4710.exe
        20⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18912.exe
        21⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28969.exe
        22⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10209.exe
        23⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12098.exe
        24⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9867.exe
        25⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36261.exe
        26⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4333.exe
        27⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10654.exe
        28⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53384.exe
        29⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51153.exe
        30⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61210.exe
        31⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34379.exe
        32⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61841.exe
        33⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42205.exe
        34⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52262.exe
        35⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28407.exe
        36⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19017.exe
        37⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55680.exe
        38⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46578.exe
        39⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18774.exe
        40⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2188.exe
        41⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22420.exe
        42⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5834.exe
        43⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16925.exe
        44⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24865.exe
        45⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8279.exe
        46⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52138.exe
        47⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3757.exe
        48⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23016.exe
        49⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7499.exe
        50⤵
        Executes dropped EXE
        
        PID:2656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 236
        49⤵
        Program crash
        
        PID:2740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 236
        48⤵
        Program crash
        
        PID:1664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 236
        47⤵
        Program crash
        
        PID:940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 236
        46⤵
        Program crash
        
        PID:2828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 236
        45⤵
        Program crash
        
        PID:2692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 236
        44⤵
        Program crash
        
        PID:2300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 236
        43⤵
        Program crash
        
        PID:2576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 236
        42⤵
        Program crash
        
        PID:880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 356 -s 236
        41⤵
        Program crash
        
        PID:2212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 236
        40⤵
        Program crash
        
        PID:2864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 236
        39⤵
        Program crash
        
        PID:1896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 236
        38⤵
        Program crash
        
        PID:1704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 236
        37⤵
        Program crash
        
        PID:2144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 236
        36⤵
        Program crash
        
        PID:2192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 236
        35⤵
        Program crash
        
        PID:2704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
        34⤵
        Program crash
        
        PID:956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 236
        33⤵
        Program crash
        
        PID:2648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 236
        32⤵
        Program crash
        
        PID:2684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 236
        31⤵
        Program crash
        
        PID:1520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 408 -s 236
        30⤵
        Program crash
        
        PID:2380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 236
        29⤵
        Program crash
        
        PID:780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 236
        28⤵
        Program crash
        
        PID:576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 236
        27⤵
        Program crash
        
        PID:2028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 236
        26⤵
        Program crash
        
        PID:2020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 236
        25⤵
        Program crash
        
        PID:2548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 236
        24⤵
        Program crash
        
        PID:1276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 236
        23⤵
        Program crash
        
        PID:2724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 236
        22⤵
        Program crash
        
        PID:1860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 236
        21⤵
        Program crash
        
        PID:2756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 236
        20⤵
        Program crash
        
        PID:2640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 236
        19⤵
        Program crash
        
        PID:2748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 236
        18⤵
        Program crash
        
        PID:1532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 236
        17⤵
        Program crash
        
        PID:1732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 236
        16⤵
        Program crash
        
        PID:2368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1176 -s 236
        15⤵
        Program crash
        
        PID:1544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 236
        14⤵
        Program crash
        
        PID:1448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 236
        13⤵
        Program crash
        
        PID:2216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 236
        12⤵
        Program crash
        
        PID:2456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 236
        11⤵
        Loads dropped DLL
        Program crash
        
        PID:332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 236
        10⤵
        Loads dropped DLL
        Program crash
        
        PID:344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 236
        9⤵
        Loads dropped DLL
        Program crash
        
        PID:2992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 236
        8⤵
        Loads dropped DLL
        Program crash
        
        PID:2464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 236
        7⤵
        Loads dropped DLL
        Program crash
        
        PID:1792
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 236
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:2836
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 236
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:3000
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:2524
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 236
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2000
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 236
  2⤵
  - Program crash
  PID:2268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-52242.exe

Filesize
184KB

MD5
fe39d8c0622c943731d69a1213b10df2

SHA1
28725d1cfa79f49055862ca451833a780c6eba3a

SHA256
b839d2ef6c9dd27474fec1263042158ae9db6e88e57a5967726d9aa7a8ff2025

SHA512
6f5c54e86ed70f050a8563bcaa85c43e430c83152656423c16614126aba6e4e0557da795c6f3bec109d1156e2f965f4ff359b72e7f1fbf7a96bff3333ff557a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5834.exe

Filesize
184KB

MD5
25f744b49aec976811439057c741711d

SHA1
b601a3d0cac9e47d7a2e99369ff839e74a3ae236

SHA256
2000f37b446f500cac0b5d0020554227a60157cee3860d855dbc0656c240b3bf

SHA512
d32d37158e7bbc4907b9d954cb25fa610ee06e23da3fdd13bf6653d8dba3cf5578aa048b6fced30edca6b394cca5506b437c73eaf45a2e199d06b3c03c125b42

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59779.exe

Filesize
184KB

MD5
d474c28e745acee73b18be60791b8075

SHA1
a9ef550b9eb9d164205b6d6de9549e1d3e979cda

SHA256
185a6ce841dc9129e79f05e8373d98b691520e544feca9b0fdb5648a09b646c4

SHA512
3d979e2373ff75de530bc4142f240124333d471941ea23a8f0207aebad4a6747d9c9b05e67f668130293348103ec4051a6071abaade7e64320c247725dc8d717

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1822.exe

Filesize
184KB

MD5
31c21d8e57698a67246ab3532a26735f

SHA1
ed80400fad21428ec6d2faee021b6cfa1ab47f9f

SHA256
6547da6654b506c6414106a6dd7438586c7c61048d35ad943cb795afc08922d7

SHA512
e0464aa61c82f92a6cefb5ee65ed348587374ae20756d4cafae81f9cfa0208208244b71a4dd0bf686a0675e20f1dbb0c583565a7d4337d4093571573740b6d83

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35716.exe

Filesize
184KB

MD5
a463eda3fb9f29d4f1c4e23ec19eccc0

SHA1
e04a48cb1e7f7047810f6e17956e47582f7b71f0

SHA256
aca362d76e9392258441269d29929d644fcca34986504a6c3b0ca616f199f0ac

SHA512
3689f8a5795b056c564fbe6e6a972be4de85dbeae59a7deeec1710cd21a0dc0012f49ba021e986e651600c3209ee51c1895a9d17e6f2cb3ed9d9748b67e28a63

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42912.exe

Filesize
184KB

MD5
e002e09f2a40923e6f04f9bf4eded1d9

SHA1
3cc69b70c9821571bef933efad2c4e3d871dec08

SHA256
c48ae228ab49192f28870781389736ac33ac13bdf01571a2f0b14cdd6ab1ea55

SHA512
fe6e7b7fcfcadfc619a8ffd0e20e3fbaca13ac3d959e6c468ba0912dc44b3751ce5fb2ac31451601de4790accd9efef7af6baea96cc1358ebf7f5af93bbf5900

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46307.exe

Filesize
184KB

MD5
29cfe0367579606c2642df28852cb0c4

SHA1
21db36fe9d39255108f85f92c40590d5c1611190

SHA256
f24a6708446ab043d0a5d0d673628fbf0928352235ea0eebced50b0ecbaabd42

SHA512
708811f4edf60c7e6854ab00d14e0236bdda137b99f0bc3274d0f11deed323f4bb1c5fd1af33c27b0135a5930005dd7c7668fe94d0e585274ee73054f6568858

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56575.exe

Filesize
184KB

MD5
4ca7355c4347ff9804e352766e8b25ab

SHA1
f6358fc1a9396112a6e5e4feeac607cb5378292d

SHA256
27b0d5d1e7117d89cc80db246b457ccb808200f6aef8360200e0f60779c745f5

SHA512
7c368e173223dd1af58f6b684dadb94774457f8b53e10864479c6000602393b4b77429deae9f83c7753f4ef2de4656707e22d57c0339c117b61228aad3d10d65

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9301.exe

Filesize
184KB

MD5
4fe96a9c59f7057b030593b41752c2a8

SHA1
f001532de930dbdd25c6e9cc10e8f661eb5d307b

SHA256
ce054f966c473ae08b52a647ed8c23d16a29a591c555429eb7711ef8ab2e43ee

SHA512
86c7bf6d2625c493b88bdf5716d614839fd8e74ee24c1f960cd84606cbcd25848c11b48eb3b3d463cf92c2732063f2ce17fc88ab7f6c48e1d92f5dd8654d3be2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads