3a110c2d4dda8020f4df64d0749a3cf0c19fb7c0cba4929696f55804e662ecf5

Analysis

max time kernel
138s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/06/2024, 08:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

46b4f383098048ed55a568ab2727dd30_NeikiAnalytics.exe
Size

184KB
MD5

46b4f383098048ed55a568ab2727dd30
SHA1

9675924019b4dacd1a6ab38d938355c259b9a1b5
SHA256

3a110c2d4dda8020f4df64d0749a3cf0c19fb7c0cba4929696f55804e662ecf5
SHA512

47b5283d99ec07f819c02e28456383c2310cfaa19ec801681231c4ef254d81ae8e8262e0e3abc0ab930bb3fae5432d480c6f9dbf2447c0284d8b31f42868b7ff
SSDEEP

3072:M85EPYos7hg5Tq/yyWK7b2Kl1vnq/6guN:M8Vo/pq/n7CKl1Pq/6gu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 44 IoCs

pid	Process
1944	Unicorn-25261.exe
2756	Unicorn-22830.exe
2580	Unicorn-25492.exe
2452	Unicorn-6628.exe
1360	Unicorn-62539.exe
2300	Unicorn-43676.exe
2700	Unicorn-34517.exe
3040	Unicorn-37179.exe
2716	Unicorn-35721.exe
484	Unicorn-16858.exe
2356	Unicorn-7231.exe
1468	Unicorn-656.exe
1224	Unicorn-23799.exe
964	Unicorn-4935.exe
904	Unicorn-51609.exe
1492	Unicorn-52735.exe
2804	Unicorn-59445.exe
1568	Unicorn-22788.exe
2532	Unicorn-24381.exe
1736	Unicorn-6586.exe
1368	Unicorn-53260.exe
2596	Unicorn-1628.exe
1796	Unicorn-50907.exe
2844	Unicorn-61737.exe
1996	Unicorn-51042.exe
840	Unicorn-24011.exe
1308	Unicorn-22553.exe
1064	Unicorn-24146.exe
1536	Unicorn-22688.exe
2096	Unicorn-21230.exe
2840	Unicorn-59735.exe
2684	Unicorn-61328.exe
2172	Unicorn-8160.exe
1212	Unicorn-7771.exe
1732	Unicorn-6313.exe
812	Unicorn-30465.exe
1964	Unicorn-12670.exe
1272	Unicorn-28618.exe
1612	Unicorn-18992.exe
2052	Unicorn-43143.exe
924	Unicorn-51389.exe
2892	Unicorn-1799.exe
2692	Unicorn-33110.exe
2176	Unicorn-36805.exe

Loads dropped DLL 64 IoCs

pid	Process
1544	46b4f383098048ed55a568ab2727dd30_NeikiAnalytics.exe
1544	46b4f383098048ed55a568ab2727dd30_NeikiAnalytics.exe
1944	Unicorn-25261.exe
1944	Unicorn-25261.exe
2668	WerFault.exe
2668	WerFault.exe
2668	WerFault.exe
2668	WerFault.exe
2668	WerFault.exe
2756	Unicorn-22830.exe
2756	Unicorn-22830.exe
2420	WerFault.exe
2420	WerFault.exe
2420	WerFault.exe
2420	WerFault.exe
2420	WerFault.exe
2580	Unicorn-25492.exe
2580	Unicorn-25492.exe
1556	WerFault.exe
1556	WerFault.exe
1556	WerFault.exe
1556	WerFault.exe
1556	WerFault.exe
2452	Unicorn-6628.exe
2452	Unicorn-6628.exe
496	WerFault.exe
496	WerFault.exe
496	WerFault.exe
496	WerFault.exe
496	WerFault.exe
1360	Unicorn-62539.exe
1360	Unicorn-62539.exe
240	WerFault.exe
240	WerFault.exe
240	WerFault.exe
240	WerFault.exe
240	WerFault.exe
2300	Unicorn-43676.exe
2300	Unicorn-43676.exe
2044	WerFault.exe
2044	WerFault.exe
2044	WerFault.exe
2044	WerFault.exe
2044	WerFault.exe
2700	Unicorn-34517.exe
2700	Unicorn-34517.exe
2728	WerFault.exe
2728	WerFault.exe
2728	WerFault.exe
2728	WerFault.exe
2728	WerFault.exe
3040	Unicorn-37179.exe
3040	Unicorn-37179.exe
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe
2716	Unicorn-35721.exe
2716	Unicorn-35721.exe
1424	WerFault.exe
1424	WerFault.exe
1424	WerFault.exe
1424	WerFault.exe

Program crash 48 IoCs

pid	pid_target	Process	procid_target
2536	1544	WerFault.exe	27
2668	1944	WerFault.exe	28
2420	2756	WerFault.exe	30
1556	2580	WerFault.exe	32
496	2452	WerFault.exe	34
240	1360	WerFault.exe	36
2044	2300	WerFault.exe	38
2728	2700	WerFault.exe	40
2224	3040	WerFault.exe	42
1424	2716	WerFault.exe	44
1712	484	WerFault.exe	46
1928	2356	WerFault.exe	48
1444	1468	WerFault.exe	50
1872	1224	WerFault.exe	52
3024	964	WerFault.exe	54
888	904	WerFault.exe	56
1640	1492	WerFault.exe	60
2628	2804	WerFault.exe	62
2444	2548	WerFault.exe	64
2404	1568	WerFault.exe	66
1740	2532	WerFault.exe	68
1588	1736	WerFault.exe	70
328	1368	WerFault.exe	72
2036	2596	WerFault.exe	74
2212	1796	WerFault.exe	76
984	2844	WerFault.exe	78
1004	1996	WerFault.exe	80
780	840	WerFault.exe	82
2072	1308	WerFault.exe	84
2936	1064	WerFault.exe	86
2544	1536	WerFault.exe	88
1456	2096	WerFault.exe	90
1028	2840	WerFault.exe	92
1236	2684	WerFault.exe	94
1912	2172	WerFault.exe	96
2888	1212	WerFault.exe	98
2876	1732	WerFault.exe	100
1948	812	WerFault.exe	102
2476	1964	WerFault.exe	104
1572	1272	WerFault.exe	106
1168	1612	WerFault.exe	108
868	2052	WerFault.exe	110
2488	924	WerFault.exe	112
1072	2892	WerFault.exe	114
800	2692	WerFault.exe	116
2836	2176	WerFault.exe	118
2980	688	WerFault.exe	120
756	1992	WerFault.exe	122

Suspicious use of SetWindowsHookEx 45 IoCs

pid	Process
1544	46b4f383098048ed55a568ab2727dd30_NeikiAnalytics.exe
1944	Unicorn-25261.exe
2756	Unicorn-22830.exe
2580	Unicorn-25492.exe
2452	Unicorn-6628.exe
1360	Unicorn-62539.exe
2300	Unicorn-43676.exe
2700	Unicorn-34517.exe
3040	Unicorn-37179.exe
2716	Unicorn-35721.exe
484	Unicorn-16858.exe
2356	Unicorn-7231.exe
1468	Unicorn-656.exe
1224	Unicorn-23799.exe
964	Unicorn-4935.exe
904	Unicorn-51609.exe
1492	Unicorn-52735.exe
2548	Unicorn-32414.exe
1568	Unicorn-22788.exe
2532	Unicorn-24381.exe
1736	Unicorn-6586.exe
1368	Unicorn-53260.exe
2596	Unicorn-1628.exe
1796	Unicorn-50907.exe
2844	Unicorn-61737.exe
1996	Unicorn-51042.exe
840	Unicorn-24011.exe
1308	Unicorn-22553.exe
1064	Unicorn-24146.exe
1536	Unicorn-22688.exe
2096	Unicorn-21230.exe
2840	Unicorn-59735.exe
2684	Unicorn-61328.exe
2172	Unicorn-8160.exe
1212	Unicorn-7771.exe
1732	Unicorn-6313.exe
812	Unicorn-30465.exe
1964	Unicorn-12670.exe
1272	Unicorn-28618.exe
1612	Unicorn-18992.exe
2052	Unicorn-43143.exe
924	Unicorn-51389.exe
2892	Unicorn-1799.exe
2692	Unicorn-33110.exe
2176	Unicorn-36805.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1544 wrote to memory of 1944	1544	46b4f383098048ed55a568ab2727dd30_NeikiAnalytics.exe	28
PID 1544 wrote to memory of 1944	1544	46b4f383098048ed55a568ab2727dd30_NeikiAnalytics.exe	28
PID 1544 wrote to memory of 1944	1544	46b4f383098048ed55a568ab2727dd30_NeikiAnalytics.exe	28
PID 1544 wrote to memory of 1944	1544	46b4f383098048ed55a568ab2727dd30_NeikiAnalytics.exe	28
PID 1544 wrote to memory of 2536	1544	46b4f383098048ed55a568ab2727dd30_NeikiAnalytics.exe	29
PID 1544 wrote to memory of 2536	1544	46b4f383098048ed55a568ab2727dd30_NeikiAnalytics.exe	29
PID 1544 wrote to memory of 2536	1544	46b4f383098048ed55a568ab2727dd30_NeikiAnalytics.exe	29
PID 1544 wrote to memory of 2536	1544	46b4f383098048ed55a568ab2727dd30_NeikiAnalytics.exe	29
PID 1944 wrote to memory of 2756	1944	Unicorn-25261.exe	30
PID 1944 wrote to memory of 2756	1944	Unicorn-25261.exe	30
PID 1944 wrote to memory of 2756	1944	Unicorn-25261.exe	30
PID 1944 wrote to memory of 2756	1944	Unicorn-25261.exe	30
PID 1944 wrote to memory of 2668	1944	Unicorn-25261.exe	31
PID 1944 wrote to memory of 2668	1944	Unicorn-25261.exe	31
PID 1944 wrote to memory of 2668	1944	Unicorn-25261.exe	31
PID 1944 wrote to memory of 2668	1944	Unicorn-25261.exe	31
PID 2756 wrote to memory of 2580	2756	Unicorn-22830.exe	32
PID 2756 wrote to memory of 2580	2756	Unicorn-22830.exe	32
PID 2756 wrote to memory of 2580	2756	Unicorn-22830.exe	32
PID 2756 wrote to memory of 2580	2756	Unicorn-22830.exe	32
PID 2756 wrote to memory of 2420	2756	Unicorn-22830.exe	33
PID 2756 wrote to memory of 2420	2756	Unicorn-22830.exe	33
PID 2756 wrote to memory of 2420	2756	Unicorn-22830.exe	33
PID 2756 wrote to memory of 2420	2756	Unicorn-22830.exe	33
PID 2580 wrote to memory of 2452	2580	Unicorn-25492.exe	34
PID 2580 wrote to memory of 2452	2580	Unicorn-25492.exe	34
PID 2580 wrote to memory of 2452	2580	Unicorn-25492.exe	34
PID 2580 wrote to memory of 2452	2580	Unicorn-25492.exe	34
PID 2580 wrote to memory of 1556	2580	Unicorn-25492.exe	35
PID 2580 wrote to memory of 1556	2580	Unicorn-25492.exe	35
PID 2580 wrote to memory of 1556	2580	Unicorn-25492.exe	35
PID 2580 wrote to memory of 1556	2580	Unicorn-25492.exe	35
PID 2452 wrote to memory of 1360	2452	Unicorn-6628.exe	36
PID 2452 wrote to memory of 1360	2452	Unicorn-6628.exe	36
PID 2452 wrote to memory of 1360	2452	Unicorn-6628.exe	36
PID 2452 wrote to memory of 1360	2452	Unicorn-6628.exe	36
PID 2452 wrote to memory of 496	2452	Unicorn-6628.exe	37
PID 2452 wrote to memory of 496	2452	Unicorn-6628.exe	37
PID 2452 wrote to memory of 496	2452	Unicorn-6628.exe	37
PID 2452 wrote to memory of 496	2452	Unicorn-6628.exe	37
PID 1360 wrote to memory of 2300	1360	Unicorn-62539.exe	38
PID 1360 wrote to memory of 2300	1360	Unicorn-62539.exe	38
PID 1360 wrote to memory of 2300	1360	Unicorn-62539.exe	38
PID 1360 wrote to memory of 2300	1360	Unicorn-62539.exe	38
PID 1360 wrote to memory of 240	1360	Unicorn-62539.exe	39
PID 1360 wrote to memory of 240	1360	Unicorn-62539.exe	39
PID 1360 wrote to memory of 240	1360	Unicorn-62539.exe	39
PID 1360 wrote to memory of 240	1360	Unicorn-62539.exe	39
PID 2300 wrote to memory of 2700	2300	Unicorn-43676.exe	40
PID 2300 wrote to memory of 2700	2300	Unicorn-43676.exe	40
PID 2300 wrote to memory of 2700	2300	Unicorn-43676.exe	40
PID 2300 wrote to memory of 2700	2300	Unicorn-43676.exe	40
PID 2300 wrote to memory of 2044	2300	Unicorn-43676.exe	41
PID 2300 wrote to memory of 2044	2300	Unicorn-43676.exe	41
PID 2300 wrote to memory of 2044	2300	Unicorn-43676.exe	41
PID 2300 wrote to memory of 2044	2300	Unicorn-43676.exe	41
PID 2700 wrote to memory of 3040	2700	Unicorn-34517.exe	42
PID 2700 wrote to memory of 3040	2700	Unicorn-34517.exe	42
PID 2700 wrote to memory of 3040	2700	Unicorn-34517.exe	42
PID 2700 wrote to memory of 3040	2700	Unicorn-34517.exe	42
PID 2700 wrote to memory of 2728	2700	Unicorn-34517.exe	43
PID 2700 wrote to memory of 2728	2700	Unicorn-34517.exe	43
PID 2700 wrote to memory of 2728	2700	Unicorn-34517.exe	43
PID 2700 wrote to memory of 2728	2700	Unicorn-34517.exe	43

C:\Users\Admin\AppData\Local\Temp\46b4f383098048ed55a568ab2727dd30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\46b4f383098048ed55a568ab2727dd30_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1544
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22830.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22830.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25492.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6628.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62539.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43676.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34517.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37179.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35721.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16858.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7231.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-656.exe
        13⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23799.exe
        14⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4935.exe
        15⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51609.exe
        16⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52735.exe
        17⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59445.exe
        18⤵
        Executes dropped EXE
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32414.exe
        19⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22788.exe
        20⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24381.exe
        21⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6586.exe
        22⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53260.exe
        23⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1628.exe
        24⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50907.exe
        25⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61737.exe
        26⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51042.exe
        27⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24011.exe
        28⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22553.exe
        29⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24146.exe
        30⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22688.exe
        31⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21230.exe
        32⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59735.exe
        33⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61328.exe
        34⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8160.exe
        35⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7771.exe
        36⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6313.exe
        37⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        38⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12670.exe
        39⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28618.exe
        40⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18992.exe
        41⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43143.exe
        42⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51389.exe
        43⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1799.exe
        44⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33110.exe
        45⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36805.exe
        46⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31299.exe
        47⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47246.exe
        48⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37620.exe
        49⤵
        
        PID:2824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 236
        49⤵
        Program crash
        
        PID:756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 236
        48⤵
        Program crash
        
        PID:2980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 236
        47⤵
        Program crash
        
        PID:2836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 236
        46⤵
        Program crash
        
        PID:800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 236
        45⤵
        Program crash
        
        PID:1072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 236
        44⤵
        Program crash
        
        PID:2488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 236
        43⤵
        Program crash
        
        PID:868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 236
        42⤵
        Program crash
        
        PID:1168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 236
        41⤵
        Program crash
        
        PID:1572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 236
        40⤵
        Program crash
        
        PID:2476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 236
        39⤵
        Program crash
        
        PID:1948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 236
        38⤵
        Program crash
        
        PID:2876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 236
        37⤵
        Program crash
        
        PID:2888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 236
        36⤵
        Program crash
        
        PID:1912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 236
        35⤵
        Program crash
        
        PID:1236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
        34⤵
        Program crash
        
        PID:1028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 236
        33⤵
        Program crash
        
        PID:1456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 236
        32⤵
        Program crash
        
        PID:2544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 236
        31⤵
        Program crash
        
        PID:2936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 236
        30⤵
        Program crash
        
        PID:2072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 236
        29⤵
        Program crash
        
        PID:780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 236
        28⤵
        Program crash
        
        PID:1004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
        27⤵
        Program crash
        
        PID:984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 236
        26⤵
        Program crash
        
        PID:2212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 236
        25⤵
        Program crash
        
        PID:2036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 236
        24⤵
        Program crash
        
        PID:328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 236
        23⤵
        Program crash
        
        PID:1588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 236
        22⤵
        Program crash
        
        PID:1740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 236
        21⤵
        Program crash
        
        PID:2404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 236
        20⤵
        Program crash
        
        PID:2444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 236
        19⤵
        Program crash
        
        PID:2628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 236
        18⤵
        Program crash
        
        PID:1640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 236
        17⤵
        Program crash
        
        PID:888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 236
        16⤵
        Program crash
        
        PID:3024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 236
        15⤵
        Program crash
        
        PID:1872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 236
        14⤵
        Program crash
        
        PID:1444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 236
        13⤵
        Program crash
        
        PID:1928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 236
        12⤵
        Program crash
        
        PID:1712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 236
        11⤵
        Loads dropped DLL
        Program crash
        
        PID:1424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 236
        10⤵
        Loads dropped DLL
        Program crash
        
        PID:2224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 236
        9⤵
        Loads dropped DLL
        Program crash
        
        PID:2728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 236
        8⤵
        Loads dropped DLL
        Program crash
        
        PID:2044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 236
        7⤵
        Loads dropped DLL
        Program crash
        
        PID:240
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 236
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:496
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 236
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1556
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:2420
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 236
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2668
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 236
  2⤵
  - Program crash
  PID:2536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-22830.exe

Filesize
184KB

MD5
9e8bda1ba27eb196b6e0ce305cad759d

SHA1
a6603a9b5f7f9d755eb6dba47b70a44226b646c9

SHA256
49bdd86475dda9cb7dc51f90b37b638e992a5f9af65e6d02f2b7cae2a090ede0

SHA512
3b748125163b3105197fbb26ecac86b001f168cd4e788c15c91a6631134a875c1f136903175412820569d80d65ae2fa79e563b479f06bdd7c845fac2023f76a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe

Filesize
184KB

MD5
fe0150232c3c617cfd68b8a924bc9b11

SHA1
b03b2d470957e41ce995e7cb00225a2bfe1c8206

SHA256
d510931152e534be33417515388dc1b3e2080eaef3ad0fa45e521b0cf55206dd

SHA512
7817a2d378139b3284512db07038e51131d185480974b86a4920bbcd5d9611dcb9699ec3844acf89cd353292d467f2580619fbf0280f77034672b4969e3f9438

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25492.exe

Filesize
184KB

MD5
4e32a5551fdc196ea62be65fdda5d3bf

SHA1
11f8146891097ea4312aa9d63e5153c2a5899267

SHA256
ecbb7c45aa37ac855317c753470d357a00d01418e87976048bde0bd3ab266304

SHA512
202475a068a4eae225dc91fe0e8f1bc81de0a0e9062daa5e0b48bfd6daa96e553f9da1d8083b83dcbfa88404f949ea65e437dcb224f2d40d9aeeaf633d43b412

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34517.exe

Filesize
184KB

MD5
f9656b0a5793e6aff48d555c7a8a9f91

SHA1
5d642c003b055b412c4f541913bd09471bb64d3f

SHA256
e86e57ebcddc5cdf10d50e65dfddc253fc3d69d81ddb7190dd42e4fb1183e262

SHA512
0da6437d46e66dccf9630382ece353a5209ae90075c3e55c3332553e1aa0d39220ba0b8bf10bdc461953ce00e652b4cd52340a672faf8369e51f49884249ad16

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37179.exe

Filesize
184KB

MD5
19c7944241202ad255a284d05b109137

SHA1
e1c323ec21974f39aec693e8214aa1ce8d2be6dc

SHA256
052228b710f4543ce23753abf5257d637777a3938b957f2c00f87d684f47923a

SHA512
837581b887813e914b29964614369287f693a26c973d51832af0ed874b29d6f6b834118eb8aae09492499f9213416911a9e97cf3c44b8510077030f674530d0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43676.exe

Filesize
184KB

MD5
a9c166cbf09a469d876f18c113554a3c

SHA1
7b2a76823b5150abee5aa43c4cd5f5f76707a3cd

SHA256
819c4908fd2789f6f05775f3598cf0c9a9fdb0b5b3dbec203caa4064a746772e

SHA512
c9119647731a91cdea683ebb9792b5363d3374b0e1170d5d06ca827128aa553c429d48568a0f3bea8ff26a098842f1e602947243c7c38273908f3d8321841038

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62539.exe

Filesize
184KB

MD5
08a580bf9ca1a6d559e930f74b25804f

SHA1
d755dbaa4fcce0e59b0fc9d0a2a2ea6fcf117ce3

SHA256
13e2d20ea0122f517db40be9d2c6de8cb5c2f84b20f32d1e5079905229aca95b

SHA512
06629f0854bc61548bf91434de00b5a825ab8d82ddd4090fd2fb29d172e61b38b902888947d6182d4fa7ab566a67796238f7caa4214e7fe4bdcb89a8461cc2c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6313.exe

Filesize
184KB

MD5
0c860ee8c5405bf6d11ae79085a59b64

SHA1
670ff27c18713e989d9144ce71ca7052f741039d

SHA256
ad44535e95ea08883a1e434e77e463de80b941f8216db53835d7737a2fc07864

SHA512
73671323c5eaf65bb0140e5e3202a1300532f0af202eb81ffbd1c50b087591385bd07cea777dba1e4c8aa9bf7a61613f3d341999f5e3a60713c383abee877c6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6586.exe

Filesize
184KB

MD5
dfe098fbc972957bdcde5b4e440399dc

SHA1
9877a8b962823a229bc8c4edffc078eb8f4a82c6

SHA256
dd4e5271f87139e956cec46b9e62d7176b2fe82afa250cdaba74f7853c9ac275

SHA512
70cf6d3fa96e03407146a116d32b09d5cc72b369911533b142d2b2d93f0adf44d1ea09b741c954e05c4056a09519bd5aca1d4ab76970f3904e26f7797ddc4628

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6628.exe

Filesize
184KB

MD5
b985e22b98ba3906c5b04e5f818567fa

SHA1
2d152c1829ce76aad3f35795deaa95deaeb4e1a8

SHA256
089cd9029a4aea33fc3bf956f894eb14fe5afffee6091a51a0fbab70c2a0ee62

SHA512
c05f4350a4b7e22a8628935b822f59a489458ecefae0eb3c02777bd6490abe082a0e93410e35a25946a5c40dd9802935bd1b0c83cf35536d1bf045b5c6b7d919

Download Submit
memory/2804-201-0x00000000027C0000-0x000000000291C000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads