240cf78d46aa22b037c2ee4c6f232590e05598e5c767e2642310d1f4c3937f07

Analysis

max time kernel
141s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
08/06/2024, 20:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

240cf78d46aa22b037c2ee4c6f232590e05598e5c767e2642310d1f4c3937f07.exe
Size

184KB
MD5

ae08bb2449fa2924148b4bf87925a617
SHA1

407078531c9ca1776bcb0fd81c84c3a7ca23a157
SHA256

240cf78d46aa22b037c2ee4c6f232590e05598e5c767e2642310d1f4c3937f07
SHA512

7424790a7ea65b4d8b5968d4daa4bd3dee396cafbfb18b02e3df53a424afd264564c2cc1fd94a7148ff578d082ae3fcc2decfb3fedc9b3798783f2fd7aa144c9
SSDEEP

3072:oIDAcXonKlipdXuwWqaFRnJpLlvnqntiuRn7:oIzohnXulRJpLlPqntiuR

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 45 IoCs

pid	Process
1672	Unicorn-9001.exe
2664	Unicorn-55078.exe
2628	Unicorn-16267.exe
2112	Unicorn-15436.exe
2432	Unicorn-13381.exe
2804	Unicorn-40107.exe
1864	Unicorn-51565.exe
856	Unicorn-12753.exe
2304	Unicorn-29905.exe
1932	Unicorn-6552.exe
584	Unicorn-64004.exe
1088	Unicorn-21109.exe
3024	Unicorn-63101.exe
1436	Unicorn-55016.exe
2868	Unicorn-19376.exe
1064	Unicorn-11290.exe
1912	Unicorn-35878.exe
2940	Unicorn-10387.exe
2588	Unicorn-35167.exe
340	Unicorn-14793.exe
2564	Unicorn-24114.exe
2696	Unicorn-48701.exe
344	Unicorn-23211.exe
1988	Unicorn-47990.exe
2040	Unicorn-27617.exe
1936	Unicorn-4840.exe
1048	Unicorn-62292.exe
828	Unicorn-19397.exe
1320	Unicorn-61581.exe
896	Unicorn-39166.exe
2600	Unicorn-15622.exe
2824	Unicorn-7536.exe
2096	Unicorn-32316.exe
2620	Unicorn-41636.exe
1804	Unicorn-686.exe
1140	Unicorn-45850.exe
2336	Unicorn-57308.exe
3000	Unicorn-14412.exe
2228	Unicorn-23733.exe
992	Unicorn-48320.exe
408	Unicorn-27947.exe
1844	Unicorn-39405.exe
2204	Unicorn-31320.exe
2860	Unicorn-56675.exe
2064	Unicorn-458.exe

Loads dropped DLL 64 IoCs

pid	Process
1668	240cf78d46aa22b037c2ee4c6f232590e05598e5c767e2642310d1f4c3937f07.exe
1668	240cf78d46aa22b037c2ee4c6f232590e05598e5c767e2642310d1f4c3937f07.exe
1672	Unicorn-9001.exe
1672	Unicorn-9001.exe
2576	WerFault.exe
2576	WerFault.exe
2576	WerFault.exe
2576	WerFault.exe
2576	WerFault.exe
2664	Unicorn-55078.exe
2664	Unicorn-55078.exe
2372	WerFault.exe
2372	WerFault.exe
2372	WerFault.exe
2372	WerFault.exe
2372	WerFault.exe
2628	Unicorn-16267.exe
2628	Unicorn-16267.exe
2960	WerFault.exe
2960	WerFault.exe
2960	WerFault.exe
2960	WerFault.exe
2960	WerFault.exe
2112	Unicorn-15436.exe
2112	Unicorn-15436.exe
2544	WerFault.exe
2544	WerFault.exe
2544	WerFault.exe
2544	WerFault.exe
2544	WerFault.exe
2432	Unicorn-13381.exe
2432	Unicorn-13381.exe
2244	WerFault.exe
2244	WerFault.exe
2244	WerFault.exe
2244	WerFault.exe
2244	WerFault.exe
2804	Unicorn-40107.exe
2804	Unicorn-40107.exe
1176	WerFault.exe
1176	WerFault.exe
1176	WerFault.exe
1176	WerFault.exe
1176	WerFault.exe
1864	Unicorn-51565.exe
1864	Unicorn-51565.exe
2956	WerFault.exe
2956	WerFault.exe
2956	WerFault.exe
2956	WerFault.exe
2956	WerFault.exe
856	Unicorn-12753.exe
856	Unicorn-12753.exe
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe
2304	Unicorn-29905.exe
2304	Unicorn-29905.exe
668	WerFault.exe
668	WerFault.exe
668	WerFault.exe
668	WerFault.exe

Program crash 46 IoCs

pid	pid_target	Process	procid_target
2536	1668	WerFault.exe	27
2576	1672	WerFault.exe	28
2372	2664	WerFault.exe	30
2960	2628	WerFault.exe	32
2544	2112	WerFault.exe	34
2244	2432	WerFault.exe	36
1176	2804	WerFault.exe	38
2956	1864	WerFault.exe	40
2224	856	WerFault.exe	42
668	2304	WerFault.exe	44
572	1932	WerFault.exe	46
2312	584	WerFault.exe	48
3004	1088	WerFault.exe	50
944	3024	WerFault.exe	52
900	1436	WerFault.exe	54
1428	2868	WerFault.exe	56
1532	1064	WerFault.exe	60
1464	1912	WerFault.exe	62
2720	2940	WerFault.exe	64
2440	2588	WerFault.exe	66
2976	340	WerFault.exe	68
2692	2564	WerFault.exe	70
2140	2696	WerFault.exe	72
1900	344	WerFault.exe	74
1240	1988	WerFault.exe	76
2300	2040	WerFault.exe	78
1404	1936	WerFault.exe	80
1200	1048	WerFault.exe	82
1688	828	WerFault.exe	84
1704	1320	WerFault.exe	86
2968	896	WerFault.exe	88
2724	2600	WerFault.exe	90
2068	2824	WerFault.exe	92
1408	2096	WerFault.exe	94
2100	2620	WerFault.exe	96
2324	1804	WerFault.exe	98
1260	1140	WerFault.exe	100
2816	2336	WerFault.exe	102
2596	3000	WerFault.exe	104
2012	2228	WerFault.exe	106
2328	992	WerFault.exe	108
2992	408	WerFault.exe	110
348	1844	WerFault.exe	112
2212	2204	WerFault.exe	114
1476	2860	WerFault.exe	116
2540	2064	WerFault.exe	118

Suspicious use of SetWindowsHookEx 46 IoCs

pid	Process
1668	240cf78d46aa22b037c2ee4c6f232590e05598e5c767e2642310d1f4c3937f07.exe
1672	Unicorn-9001.exe
2664	Unicorn-55078.exe
2628	Unicorn-16267.exe
2112	Unicorn-15436.exe
2432	Unicorn-13381.exe
2804	Unicorn-40107.exe
1864	Unicorn-51565.exe
856	Unicorn-12753.exe
2304	Unicorn-29905.exe
1932	Unicorn-6552.exe
584	Unicorn-64004.exe
1088	Unicorn-21109.exe
3024	Unicorn-63101.exe
1436	Unicorn-55016.exe
2868	Unicorn-19376.exe
1064	Unicorn-11290.exe
1912	Unicorn-35878.exe
2940	Unicorn-10387.exe
2588	Unicorn-35167.exe
340	Unicorn-14793.exe
2564	Unicorn-24114.exe
2696	Unicorn-48701.exe
344	Unicorn-23211.exe
1988	Unicorn-47990.exe
2040	Unicorn-27617.exe
1936	Unicorn-4840.exe
1048	Unicorn-62292.exe
828	Unicorn-19397.exe
1320	Unicorn-61581.exe
896	Unicorn-39166.exe
2600	Unicorn-15622.exe
2824	Unicorn-7536.exe
2096	Unicorn-32316.exe
2620	Unicorn-41636.exe
1804	Unicorn-686.exe
1140	Unicorn-45850.exe
2336	Unicorn-57308.exe
3000	Unicorn-14412.exe
2228	Unicorn-23733.exe
992	Unicorn-48320.exe
408	Unicorn-27947.exe
1844	Unicorn-39405.exe
2204	Unicorn-31320.exe
2860	Unicorn-56675.exe
2064	Unicorn-458.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1668 wrote to memory of 1672	1668	240cf78d46aa22b037c2ee4c6f232590e05598e5c767e2642310d1f4c3937f07.exe	28
PID 1668 wrote to memory of 1672	1668	240cf78d46aa22b037c2ee4c6f232590e05598e5c767e2642310d1f4c3937f07.exe	28
PID 1668 wrote to memory of 1672	1668	240cf78d46aa22b037c2ee4c6f232590e05598e5c767e2642310d1f4c3937f07.exe	28
PID 1668 wrote to memory of 1672	1668	240cf78d46aa22b037c2ee4c6f232590e05598e5c767e2642310d1f4c3937f07.exe	28
PID 1668 wrote to memory of 2536	1668	240cf78d46aa22b037c2ee4c6f232590e05598e5c767e2642310d1f4c3937f07.exe	29
PID 1668 wrote to memory of 2536	1668	240cf78d46aa22b037c2ee4c6f232590e05598e5c767e2642310d1f4c3937f07.exe	29
PID 1668 wrote to memory of 2536	1668	240cf78d46aa22b037c2ee4c6f232590e05598e5c767e2642310d1f4c3937f07.exe	29
PID 1668 wrote to memory of 2536	1668	240cf78d46aa22b037c2ee4c6f232590e05598e5c767e2642310d1f4c3937f07.exe	29
PID 1672 wrote to memory of 2664	1672	Unicorn-9001.exe	30
PID 1672 wrote to memory of 2664	1672	Unicorn-9001.exe	30
PID 1672 wrote to memory of 2664	1672	Unicorn-9001.exe	30
PID 1672 wrote to memory of 2664	1672	Unicorn-9001.exe	30
PID 1672 wrote to memory of 2576	1672	Unicorn-9001.exe	31
PID 1672 wrote to memory of 2576	1672	Unicorn-9001.exe	31
PID 1672 wrote to memory of 2576	1672	Unicorn-9001.exe	31
PID 1672 wrote to memory of 2576	1672	Unicorn-9001.exe	31
PID 2664 wrote to memory of 2628	2664	Unicorn-55078.exe	32
PID 2664 wrote to memory of 2628	2664	Unicorn-55078.exe	32
PID 2664 wrote to memory of 2628	2664	Unicorn-55078.exe	32
PID 2664 wrote to memory of 2628	2664	Unicorn-55078.exe	32
PID 2664 wrote to memory of 2372	2664	Unicorn-55078.exe	33
PID 2664 wrote to memory of 2372	2664	Unicorn-55078.exe	33
PID 2664 wrote to memory of 2372	2664	Unicorn-55078.exe	33
PID 2664 wrote to memory of 2372	2664	Unicorn-55078.exe	33
PID 2628 wrote to memory of 2112	2628	Unicorn-16267.exe	34
PID 2628 wrote to memory of 2112	2628	Unicorn-16267.exe	34
PID 2628 wrote to memory of 2112	2628	Unicorn-16267.exe	34
PID 2628 wrote to memory of 2112	2628	Unicorn-16267.exe	34
PID 2628 wrote to memory of 2960	2628	Unicorn-16267.exe	35
PID 2628 wrote to memory of 2960	2628	Unicorn-16267.exe	35
PID 2628 wrote to memory of 2960	2628	Unicorn-16267.exe	35
PID 2628 wrote to memory of 2960	2628	Unicorn-16267.exe	35
PID 2112 wrote to memory of 2432	2112	Unicorn-15436.exe	36
PID 2112 wrote to memory of 2432	2112	Unicorn-15436.exe	36
PID 2112 wrote to memory of 2432	2112	Unicorn-15436.exe	36
PID 2112 wrote to memory of 2432	2112	Unicorn-15436.exe	36
PID 2112 wrote to memory of 2544	2112	Unicorn-15436.exe	37
PID 2112 wrote to memory of 2544	2112	Unicorn-15436.exe	37
PID 2112 wrote to memory of 2544	2112	Unicorn-15436.exe	37
PID 2112 wrote to memory of 2544	2112	Unicorn-15436.exe	37
PID 2432 wrote to memory of 2804	2432	Unicorn-13381.exe	38
PID 2432 wrote to memory of 2804	2432	Unicorn-13381.exe	38
PID 2432 wrote to memory of 2804	2432	Unicorn-13381.exe	38
PID 2432 wrote to memory of 2804	2432	Unicorn-13381.exe	38
PID 2432 wrote to memory of 2244	2432	Unicorn-13381.exe	39
PID 2432 wrote to memory of 2244	2432	Unicorn-13381.exe	39
PID 2432 wrote to memory of 2244	2432	Unicorn-13381.exe	39
PID 2432 wrote to memory of 2244	2432	Unicorn-13381.exe	39
PID 2804 wrote to memory of 1864	2804	Unicorn-40107.exe	40
PID 2804 wrote to memory of 1864	2804	Unicorn-40107.exe	40
PID 2804 wrote to memory of 1864	2804	Unicorn-40107.exe	40
PID 2804 wrote to memory of 1864	2804	Unicorn-40107.exe	40
PID 2804 wrote to memory of 1176	2804	Unicorn-40107.exe	41
PID 2804 wrote to memory of 1176	2804	Unicorn-40107.exe	41
PID 2804 wrote to memory of 1176	2804	Unicorn-40107.exe	41
PID 2804 wrote to memory of 1176	2804	Unicorn-40107.exe	41
PID 1864 wrote to memory of 856	1864	Unicorn-51565.exe	42
PID 1864 wrote to memory of 856	1864	Unicorn-51565.exe	42
PID 1864 wrote to memory of 856	1864	Unicorn-51565.exe	42
PID 1864 wrote to memory of 856	1864	Unicorn-51565.exe	42
PID 1864 wrote to memory of 2956	1864	Unicorn-51565.exe	43
PID 1864 wrote to memory of 2956	1864	Unicorn-51565.exe	43
PID 1864 wrote to memory of 2956	1864	Unicorn-51565.exe	43
PID 1864 wrote to memory of 2956	1864	Unicorn-51565.exe	43

C:\Users\Admin\AppData\Local\Temp\240cf78d46aa22b037c2ee4c6f232590e05598e5c767e2642310d1f4c3937f07.exe
"C:\Users\Admin\AppData\Local\Temp\240cf78d46aa22b037c2ee4c6f232590e05598e5c767e2642310d1f4c3937f07.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1668
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9001.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9001.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55078.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55078.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16267.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15436.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13381.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40107.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51565.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12753.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29905.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6552.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64004.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21109.exe
        13⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63101.exe
        14⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55016.exe
        15⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19376.exe
        16⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11290.exe
        17⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        18⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10387.exe
        19⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35167.exe
        20⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14793.exe
        21⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24114.exe
        22⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48701.exe
        23⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23211.exe
        24⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47990.exe
        25⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27617.exe
        26⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4840.exe
        27⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62292.exe
        28⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19397.exe
        29⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61581.exe
        30⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39166.exe
        31⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15622.exe
        32⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7536.exe
        33⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32316.exe
        34⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41636.exe
        35⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-686.exe
        36⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45850.exe
        37⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57308.exe
        38⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14412.exe
        39⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23733.exe
        40⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48320.exe
        41⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27947.exe
        42⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39405.exe
        43⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31320.exe
        44⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56675.exe
        45⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-458.exe
        46⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
        47⤵
        Program crash
        
        PID:2540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 236
        46⤵
        Program crash
        
        PID:1476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 236
        45⤵
        Program crash
        
        PID:2212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 236
        44⤵
        Program crash
        
        PID:348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 408 -s 236
        43⤵
        Program crash
        
        PID:2992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 236
        42⤵
        Program crash
        
        PID:2328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 236
        41⤵
        Program crash
        
        PID:2012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 236
        40⤵
        Program crash
        
        PID:2596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 236
        39⤵
        Program crash
        
        PID:2816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 236
        38⤵
        Program crash
        
        PID:1260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 236
        37⤵
        Program crash
        
        PID:2324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 236
        36⤵
        Program crash
        
        PID:2100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 236
        35⤵
        Program crash
        
        PID:1408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 236
        34⤵
        Program crash
        
        PID:2068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 236
        33⤵
        Program crash
        
        PID:2724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 236
        32⤵
        Program crash
        
        PID:2968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 236
        31⤵
        Program crash
        
        PID:1704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 236
        30⤵
        Program crash
        
        PID:1688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 236
        29⤵
        Program crash
        
        PID:1200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 236
        28⤵
        Program crash
        
        PID:1404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 236
        27⤵
        Program crash
        
        PID:2300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 236
        26⤵
        Program crash
        
        PID:1240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 236
        25⤵
        Program crash
        
        PID:1900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 236
        24⤵
        Program crash
        
        PID:2140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 236
        23⤵
        Program crash
        
        PID:2692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 236
        22⤵
        Program crash
        
        PID:2976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 236
        21⤵
        Program crash
        
        PID:2440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 236
        20⤵
        Program crash
        
        PID:2720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 236
        19⤵
        Program crash
        
        PID:1464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 236
        18⤵
        Program crash
        
        PID:1532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 236
        17⤵
        Program crash
        
        PID:1428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 236
        16⤵
        Program crash
        
        PID:900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 236
        15⤵
        Program crash
        
        PID:944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 236
        14⤵
        Program crash
        
        PID:3004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 236
        13⤵
        Program crash
        
        PID:2312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 236
        12⤵
        Program crash
        
        PID:572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 236
        11⤵
        Loads dropped DLL
        Program crash
        
        PID:668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 236
        10⤵
        Loads dropped DLL
        Program crash
        
        PID:2224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 236
        9⤵
        Loads dropped DLL
        Program crash
        
        PID:2956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 236
        8⤵
        Loads dropped DLL
        Program crash
        
        PID:1176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
        7⤵
        Loads dropped DLL
        Program crash
        
        PID:2244
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 236
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:2544
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 236
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2960
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:2372
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 236
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2576
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 236
  2⤵
  - Program crash
  PID:2536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13381.exe

Filesize
184KB

MD5
81ed0328c04d2888a46a1e8cb1c076f1

SHA1
879c7044d015d5fd86e5ed91be85b3362825aa6e

SHA256
379d787e595b3d0a0ea1a047f940155b88a56ceff971104480d2d7dee8071d1b

SHA512
4433989b0874684072e6e2e1d03f1224fcd6c864e111083686ade54477955ad26b09415582cc1d2ee847e79edb33de98aee87e21d37f7a179639647f404ba535

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40107.exe

Filesize
184KB

MD5
4a924b1dba9add8d4a664392b82b7e94

SHA1
b497b22592a5815be347a8fa5cf24f66c9d50a01

SHA256
94c2f6f7177815bc5f7bf2a4057b2990ac61d64e748bcd0cf16194f406dd1f48

SHA512
2a8f162113de70e7a978051c4819c1455898d0cc28c35b260a0330b292d35c316eb94ff5921e6e9391604e8247258044a4221d1b8c682a56233e58cd81bdcb36

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51565.exe

Filesize
184KB

MD5
ca9f211c2fa3666baa56c303d0862f66

SHA1
2067c87b5857892291a186edd68f8c4a2f135a33

SHA256
ad13dfa225df03956d3d770d902913f0de5beec360236fa2534a3aea464a2ee4

SHA512
37d4a2fe873910e7117e483755185791c91bba98219d77a2c45d6446731929776571d7f64f2135f64f67bc4aaa30bbd1a2c70e199960497a199c2d980c21c56b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6552.exe

Filesize
184KB

MD5
e956a419ff875402a2aa856b1fda9237

SHA1
ec92f3d2826a6a26d58696cbf8bed7088926ef2a

SHA256
2e584ff7e4824f23e25db0747811f71b3dd65523c845132bbb6dcdd6783dabb7

SHA512
b5a7c127631113926387af12b12460e824f3ea05fbc9eb82e33534b0e2d8947650d46d045c3c4c15b4f466be1beb10e683e6246bb46df1e7c9d35b3a6e2dc168

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12753.exe

Filesize
184KB

MD5
6fdc4b8912702d4a3b86d88a917b50ea

SHA1
d8d8d5eeddb1e1f7d358c66add94b945b30d3f08

SHA256
113a9c22ca6140486246bbdc227493356f040b1f92024cc409b7bec53b2c81f0

SHA512
f8fb04e46260645ef11cd59d8e30136064c12ef1c7d9458842546c4db9a8f755f387a3b9ea6a487cd725e84446b27d11fc8151b9e5c95f869881bf51926585bb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15436.exe

Filesize
184KB

MD5
1db12844e92c98a8146437ae38eeecde

SHA1
325d47b0e89a3bf479cd1b4e10545664cd00fb55

SHA256
07993a627aac07e720ed85677cb593dd3b4b21add42e01300eb598e2a1cde77d

SHA512
3b2bd1675208a56c0714115cbb1ad6cb2dafba1e3b32a224d89aa89f213cefa0fbfc7e2e819e3df8fdb02259e9da0fadc4af78e2a30d1573e3c48d67af99c6ff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16267.exe

Filesize
184KB

MD5
7d3489fc8152d7ddc6afc2d6f179ad2d

SHA1
ebce77ebc2bfcaca658cbc43f1155647d81bfe79

SHA256
b427e571abb594f0354ced3e3f0f70580e896244e94983c4b27813a747352063

SHA512
4d7731e77f4a57b46690cfe33c084cb2474e7f82e3e491929a6a5fba6c835cea1e1deb56130a651744513d5bf0fde5c9af1dd1fd127ba6fc59b0f6666355d356

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55078.exe

Filesize
184KB

MD5
673bde41d8235d565c344d8c5a38c71f

SHA1
be0b4acef089e56d70abb80d4ff9608f32e92da7

SHA256
554f4665b0277ac888a0b131d87a97f3146348dfe799dd94758e3af5fda5974b

SHA512
0e802e99ecca84e8d568afed3655564e94bb714db1442f2781e49185e55cc14ae7d4ba8456baa35810e26169a8e867074f24daa74168a8b7434972fd97b0c4ee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9001.exe

Filesize
184KB

MD5
8b24124eeb2f5018e6797f0d94be7ac8

SHA1
e6d6db82e6e15d155e984cb669e7f8989df57b2f

SHA256
a4d03921f84a6ac2e3d98637df0db0ef6882f5abec09beae2482084782e6e4d9

SHA512
6d19e80af67c102ac94c04d7ad44244cad602dd64872dc323f86a94989fbc28659d4d5a8d07bce315275c760f2bb4ecd9f95c61924e4e9b36e526334f149c2f9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads