d7098d7ed2c1b71a5e034e7dc723aa3d9a9caca9380bb36105fc1a8fcd2b8f68

Analysis

max time kernel
119s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19-07-2024 07:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6f7ea846d25d22ff2e5ca254b8179800N.exe
Size

184KB
MD5

6f7ea846d25d22ff2e5ca254b8179800
SHA1

7908cc4fceccb18b479329abaa17402088476cf0
SHA256

d7098d7ed2c1b71a5e034e7dc723aa3d9a9caca9380bb36105fc1a8fcd2b8f68
SHA512

a72d030c0db43e9eba5c22ed7d5663f4d60f7ae40f14a5af2c1749dd874d05e8cfd691a335a5f8386940c507aac3beaafadbb9c28b007004ef5002e85443dac6
SSDEEP

3072:5JUv6jonblxNdiDZhiT8sqWZlvnqCxiup:5JJorbiDw8DWZlPqCxiu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 39 IoCs

pid	Process
2560	Unicorn-50540.exe
2328	Unicorn-23353.exe
2824	Unicorn-16467.exe
2600	Unicorn-38636.exe
2128	Unicorn-16566.exe
696	Unicorn-6098.exe
1576	Unicorn-49757.exe
1020	Unicorn-14365.exe
2912	Unicorn-43320.exe
2440	Unicorn-45754.exe
1464	Unicorn-35287.exe
1272	Unicorn-37913.exe
1632	Unicorn-35194.exe
2224	Unicorn-29844.exe
764	Unicorn-27353.exe
1028	Unicorn-37955.exe
1560	Unicorn-11115.exe
2312	Unicorn-53513.exe
2720	Unicorn-1546.exe
2620	Unicorn-63583.exe
1896	Unicorn-480.exe
1992	Unicorn-28872.exe
2812	Unicorn-43786.exe
2880	Unicorn-47289.exe
2688	Unicorn-50107.exe
2988	Unicorn-61778.exe
1960	Unicorn-60548.exe
1888	Unicorn-14850.exe
2336	Unicorn-19205.exe
2692	Unicorn-55476.exe
2584	Unicorn-50126.exe
1824	Unicorn-16909.exe
1592	Unicorn-3006.exe
2648	Unicorn-23230.exe
2656	Unicorn-25664.exe
1656	Unicorn-50007.exe
356	Unicorn-44273.exe
2828	Unicorn-64304.exe
944	Unicorn-9478.exe

Loads dropped DLL 64 IoCs

pid	Process
2320	6f7ea846d25d22ff2e5ca254b8179800N.exe
2320	6f7ea846d25d22ff2e5ca254b8179800N.exe
2560	Unicorn-50540.exe
2560	Unicorn-50540.exe
2792	WerFault.exe
2792	WerFault.exe
2792	WerFault.exe
2792	WerFault.exe
2792	WerFault.exe
2328	Unicorn-23353.exe
2328	Unicorn-23353.exe
2844	WerFault.exe
2844	WerFault.exe
2844	WerFault.exe
2844	WerFault.exe
2844	WerFault.exe
2824	Unicorn-16467.exe
2824	Unicorn-16467.exe
1756	WerFault.exe
1756	WerFault.exe
1756	WerFault.exe
1756	WerFault.exe
1756	WerFault.exe
2600	Unicorn-38636.exe
2600	Unicorn-38636.exe
988	WerFault.exe
988	WerFault.exe
988	WerFault.exe
988	WerFault.exe
988	WerFault.exe
2128	Unicorn-16566.exe
2128	Unicorn-16566.exe
1796	WerFault.exe
1796	WerFault.exe
1796	WerFault.exe
1796	WerFault.exe
1796	WerFault.exe
696	Unicorn-6098.exe
696	Unicorn-6098.exe
580	WerFault.exe
580	WerFault.exe
580	WerFault.exe
580	WerFault.exe
580	WerFault.exe
1576	Unicorn-49757.exe
1576	Unicorn-49757.exe
2940	WerFault.exe
2940	WerFault.exe
2940	WerFault.exe
2940	WerFault.exe
2940	WerFault.exe
1020	Unicorn-14365.exe
1020	Unicorn-14365.exe
2456	WerFault.exe
2456	WerFault.exe
2456	WerFault.exe
2456	WerFault.exe
2456	WerFault.exe
2912	Unicorn-43320.exe
2912	Unicorn-43320.exe
2900	WerFault.exe
2900	WerFault.exe
2900	WerFault.exe
2900	WerFault.exe

Program crash 39 IoCs

pid	pid_target	Process	procid_target
2376	2320	WerFault.exe	29
2792	2560	WerFault.exe	30
2844	2328	WerFault.exe	32
1756	2824	WerFault.exe	34
988	2600	WerFault.exe	37
1796	2128	WerFault.exe	39
580	696	WerFault.exe	41
2940	1576	WerFault.exe	43
2456	1020	WerFault.exe	45
2900	2912	WerFault.exe	47
1640	2440	WerFault.exe	49
1184	1464	WerFault.exe	51
2184	1272	WerFault.exe	53
1292	1632	WerFault.exe	55
3064	2224	WerFault.exe	57
2556	764	WerFault.exe	59
1912	1028	WerFault.exe	61
2124	1560	WerFault.exe	63
2872	2312	WerFault.exe	65
2652	2720	WerFault.exe	67
1636	2620	WerFault.exe	69
1240	1896	WerFault.exe	71
1952	1992	WerFault.exe	73
2904	2812	WerFault.exe	75
2920	2880	WerFault.exe	77
1572	2688	WerFault.exe	79
908	2988	WerFault.exe	81
1988	1960	WerFault.exe	83
1556	1888	WerFault.exe	85
2796	2336	WerFault.exe	87
2616	2692	WerFault.exe	89
1860	2584	WerFault.exe	91
2752	1824	WerFault.exe	93
2924	1592	WerFault.exe	95
2968	2648	WerFault.exe	97
2480	2656	WerFault.exe	99
1552	1656	WerFault.exe	101
2296	356	WerFault.exe	103
1680	2828	WerFault.exe	105

Suspicious use of SetWindowsHookEx 40 IoCs

pid	Process
2320	6f7ea846d25d22ff2e5ca254b8179800N.exe
2560	Unicorn-50540.exe
2328	Unicorn-23353.exe
2824	Unicorn-16467.exe
2600	Unicorn-38636.exe
2128	Unicorn-16566.exe
696	Unicorn-6098.exe
1576	Unicorn-49757.exe
1020	Unicorn-14365.exe
2912	Unicorn-43320.exe
2440	Unicorn-45754.exe
1464	Unicorn-35287.exe
1272	Unicorn-37913.exe
1632	Unicorn-35194.exe
2224	Unicorn-29844.exe
764	Unicorn-27353.exe
1028	Unicorn-37955.exe
1560	Unicorn-11115.exe
2312	Unicorn-53513.exe
2720	Unicorn-1546.exe
2620	Unicorn-63583.exe
1896	Unicorn-480.exe
1992	Unicorn-28872.exe
2812	Unicorn-43786.exe
2880	Unicorn-47289.exe
2688	Unicorn-50107.exe
2988	Unicorn-61778.exe
1960	Unicorn-60548.exe
1888	Unicorn-14850.exe
2336	Unicorn-19205.exe
2692	Unicorn-55476.exe
2584	Unicorn-50126.exe
1824	Unicorn-16909.exe
1592	Unicorn-3006.exe
2648	Unicorn-23230.exe
2656	Unicorn-25664.exe
1656	Unicorn-50007.exe
356	Unicorn-44273.exe
2828	Unicorn-64304.exe
944	Unicorn-9478.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 2560	2320	6f7ea846d25d22ff2e5ca254b8179800N.exe	30
PID 2320 wrote to memory of 2560	2320	6f7ea846d25d22ff2e5ca254b8179800N.exe	30
PID 2320 wrote to memory of 2560	2320	6f7ea846d25d22ff2e5ca254b8179800N.exe	30
PID 2320 wrote to memory of 2560	2320	6f7ea846d25d22ff2e5ca254b8179800N.exe	30
PID 2320 wrote to memory of 2376	2320	6f7ea846d25d22ff2e5ca254b8179800N.exe	31
PID 2320 wrote to memory of 2376	2320	6f7ea846d25d22ff2e5ca254b8179800N.exe	31
PID 2320 wrote to memory of 2376	2320	6f7ea846d25d22ff2e5ca254b8179800N.exe	31
PID 2320 wrote to memory of 2376	2320	6f7ea846d25d22ff2e5ca254b8179800N.exe	31
PID 2560 wrote to memory of 2328	2560	Unicorn-50540.exe	32
PID 2560 wrote to memory of 2328	2560	Unicorn-50540.exe	32
PID 2560 wrote to memory of 2328	2560	Unicorn-50540.exe	32
PID 2560 wrote to memory of 2328	2560	Unicorn-50540.exe	32
PID 2560 wrote to memory of 2792	2560	Unicorn-50540.exe	33
PID 2560 wrote to memory of 2792	2560	Unicorn-50540.exe	33
PID 2560 wrote to memory of 2792	2560	Unicorn-50540.exe	33
PID 2560 wrote to memory of 2792	2560	Unicorn-50540.exe	33
PID 2328 wrote to memory of 2824	2328	Unicorn-23353.exe	34
PID 2328 wrote to memory of 2824	2328	Unicorn-23353.exe	34
PID 2328 wrote to memory of 2824	2328	Unicorn-23353.exe	34
PID 2328 wrote to memory of 2824	2328	Unicorn-23353.exe	34
PID 2328 wrote to memory of 2844	2328	Unicorn-23353.exe	35
PID 2328 wrote to memory of 2844	2328	Unicorn-23353.exe	35
PID 2328 wrote to memory of 2844	2328	Unicorn-23353.exe	35
PID 2328 wrote to memory of 2844	2328	Unicorn-23353.exe	35
PID 2824 wrote to memory of 2600	2824	Unicorn-16467.exe	37
PID 2824 wrote to memory of 2600	2824	Unicorn-16467.exe	37
PID 2824 wrote to memory of 2600	2824	Unicorn-16467.exe	37
PID 2824 wrote to memory of 2600	2824	Unicorn-16467.exe	37
PID 2824 wrote to memory of 1756	2824	Unicorn-16467.exe	38
PID 2824 wrote to memory of 1756	2824	Unicorn-16467.exe	38
PID 2824 wrote to memory of 1756	2824	Unicorn-16467.exe	38
PID 2824 wrote to memory of 1756	2824	Unicorn-16467.exe	38
PID 2600 wrote to memory of 2128	2600	Unicorn-38636.exe	39
PID 2600 wrote to memory of 2128	2600	Unicorn-38636.exe	39
PID 2600 wrote to memory of 2128	2600	Unicorn-38636.exe	39
PID 2600 wrote to memory of 2128	2600	Unicorn-38636.exe	39
PID 2600 wrote to memory of 988	2600	Unicorn-38636.exe	40
PID 2600 wrote to memory of 988	2600	Unicorn-38636.exe	40
PID 2600 wrote to memory of 988	2600	Unicorn-38636.exe	40
PID 2600 wrote to memory of 988	2600	Unicorn-38636.exe	40
PID 2128 wrote to memory of 696	2128	Unicorn-16566.exe	41
PID 2128 wrote to memory of 696	2128	Unicorn-16566.exe	41
PID 2128 wrote to memory of 696	2128	Unicorn-16566.exe	41
PID 2128 wrote to memory of 696	2128	Unicorn-16566.exe	41
PID 2128 wrote to memory of 1796	2128	Unicorn-16566.exe	42
PID 2128 wrote to memory of 1796	2128	Unicorn-16566.exe	42
PID 2128 wrote to memory of 1796	2128	Unicorn-16566.exe	42
PID 2128 wrote to memory of 1796	2128	Unicorn-16566.exe	42
PID 696 wrote to memory of 1576	696	Unicorn-6098.exe	43
PID 696 wrote to memory of 1576	696	Unicorn-6098.exe	43
PID 696 wrote to memory of 1576	696	Unicorn-6098.exe	43
PID 696 wrote to memory of 1576	696	Unicorn-6098.exe	43
PID 696 wrote to memory of 580	696	Unicorn-6098.exe	44
PID 696 wrote to memory of 580	696	Unicorn-6098.exe	44
PID 696 wrote to memory of 580	696	Unicorn-6098.exe	44
PID 696 wrote to memory of 580	696	Unicorn-6098.exe	44
PID 1576 wrote to memory of 1020	1576	Unicorn-49757.exe	45
PID 1576 wrote to memory of 1020	1576	Unicorn-49757.exe	45
PID 1576 wrote to memory of 1020	1576	Unicorn-49757.exe	45
PID 1576 wrote to memory of 1020	1576	Unicorn-49757.exe	45
PID 1576 wrote to memory of 2940	1576	Unicorn-49757.exe	46
PID 1576 wrote to memory of 2940	1576	Unicorn-49757.exe	46
PID 1576 wrote to memory of 2940	1576	Unicorn-49757.exe	46
PID 1576 wrote to memory of 2940	1576	Unicorn-49757.exe	46

C:\Users\Admin\AppData\Local\Temp\6f7ea846d25d22ff2e5ca254b8179800N.exe
"C:\Users\Admin\AppData\Local\Temp\6f7ea846d25d22ff2e5ca254b8179800N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50540.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50540.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23353.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23353.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16467.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38636.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16566.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6098.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49757.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14365.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43320.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45754.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37913.exe
        13⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35194.exe
        14⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29844.exe
        15⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27353.exe
        16⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37955.exe
        17⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11115.exe
        18⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53513.exe
        19⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1546.exe
        20⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63583.exe
        21⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-480.exe
        22⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28872.exe
        23⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43786.exe
        24⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47289.exe
        25⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50107.exe
        26⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61778.exe
        27⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60548.exe
        28⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14850.exe
        29⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19205.exe
        30⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55476.exe
        31⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50126.exe
        32⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16909.exe
        33⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3006.exe
        34⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23230.exe
        35⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25664.exe
        36⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50007.exe
        37⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44273.exe
        38⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64304.exe
        39⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9478.exe
        40⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 236
        40⤵
        Program crash
        
        PID:1680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 356 -s 236
        39⤵
        Program crash
        
        PID:2296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 236
        38⤵
        Program crash
        
        PID:1552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 236
        37⤵
        Program crash
        
        PID:2480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 236
        36⤵
        Program crash
        
        PID:2968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 236
        35⤵
        Program crash
        
        PID:2924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 236
        34⤵
        Program crash
        
        PID:2752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
        33⤵
        Program crash
        
        PID:1860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 236
        32⤵
        Program crash
        
        PID:2616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 236
        31⤵
        Program crash
        
        PID:2796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 236
        30⤵
        Program crash
        
        PID:1556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 236
        29⤵
        Program crash
        
        PID:1988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 236
        28⤵
        Program crash
        
        PID:908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 236
        27⤵
        Program crash
        
        PID:1572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 236
        26⤵
        Program crash
        
        PID:2920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 236
        25⤵
        Program crash
        
        PID:2904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 236
        24⤵
        Program crash
        
        PID:1952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 236
        23⤵
        Program crash
        
        PID:1240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 236
        22⤵
        Program crash
        
        PID:1636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 236
        21⤵
        Program crash
        
        PID:2652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 236
        20⤵
        Program crash
        
        PID:2872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 236
        19⤵
        Program crash
        
        PID:2124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 236
        18⤵
        Program crash
        
        PID:1912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 236
        17⤵
        Program crash
        
        PID:2556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 236
        16⤵
        Program crash
        
        PID:3064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 236
        15⤵
        Program crash
        
        PID:1292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 236
        14⤵
        Program crash
        
        PID:2184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 236
        13⤵
        Program crash
        
        PID:1184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 236
        12⤵
        Program crash
        
        PID:1640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 236
        11⤵
        Loads dropped DLL
        Program crash
        
        PID:2900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 236
        10⤵
        Loads dropped DLL
        Program crash
        
        PID:2456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 236
        9⤵
        Loads dropped DLL
        Program crash
        
        PID:2940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 236
        8⤵
        Loads dropped DLL
        Program crash
        
        PID:580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 236
        7⤵
        Loads dropped DLL
        Program crash
        
        PID:1796
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 236
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:988
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 236
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1756
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:2844
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 236
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2792
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 236
  2⤵
  - Program crash
  PID:2376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\Unicorn-14365.exe

Filesize
184KB

MD5
e2920999699554e4d0862a8ed211cb82

SHA1
9aa8de69f5f9f25be02bf721a379bed036ee631f

SHA256
3d832d6ab34817fc6d745eb174ba88870341d4846ee60f9fd50b26f13a61df42

SHA512
ce7c3c159ebbd14af66d584435c5bddc5e75c5e63b4a02db35ad982f7bdd150a52d6f50b6349bef15969e65b6ecc986e16f2ed964b1f1c2bfaba64af64511b7a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16467.exe

Filesize
184KB

MD5
7ab9267e996c08ea78e8d40e43c79199

SHA1
f3711950ca16de8870da50e73e6ab21801e053a6

SHA256
dccc820732356600ed5f2cc7feac6ff00ccf1a99e524b93e9d7956e5c17008ee

SHA512
74ddac6c502f1d9f90be699a0b4f8b7a8716b4846d4e71966330ccec334537d856011116a28b8b4661b83fd7a0708eef243d98b17166b87e1cd43d4d3ef70ff7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16566.exe

Filesize
184KB

MD5
79467a72e6009396868db8e175358f09

SHA1
468785e3e059ce8ec021d0d9d277ab5af9c2f31e

SHA256
115f5c9cfe076fc81593ffc5f753ba5f2667c8c1fddfeb2c1f9ee0650d9a533d

SHA512
4d70553646a812d40436ecef7c0fd9bc7de7c67292e4e010cea680468a28a24101373cf6bb456d615fb7a06c0c523d33f92b7fa89e29aa087bb888e3f32a04b6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23353.exe

Filesize
184KB

MD5
b1d49767e1fa894fc2bd273ff1486cb8

SHA1
25462616ca99d3ddced5543524d68fd841b4abd1

SHA256
ab8633d9b0b3bb367522e0433859ace950adc1972a2fdbc9f406db23d6de8dbc

SHA512
728bc33d5a6cb4d5621e4ee88ff4920a94d7d6125b5fc3a4334b94d946604c9fccc5f316bb56642d6facb29466c11d34689024d9a8ad03de03d564f74cba598e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38636.exe

Filesize
184KB

MD5
cc4a1426c24bec0bb5f5007c624a295c

SHA1
05505a567c62b61bd1dec0fbe36019b9cdfa20d1

SHA256
004719eb08482f60715d66c1e298dda8c234d4e64362495009c4185aa9fa2119

SHA512
e0a322d8108c6d9231101c573572efa43bc04a34a311b2fe987b6543e6bc539192e129de61057ca008ee8f226bc4bc553aeb7ba91c3278ab39ddf292b2a3b87e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49757.exe

Filesize
184KB

MD5
d0332d7554d98412e75af2c9c9213199

SHA1
574946eddfb52e34954f09adee54c99a043e410d

SHA256
16613364acb218999252d1b28a1809c23e78a79d8df385e49f6a1259ea3e8b7e

SHA512
79f9b41950b134ed11f25109dcd6dd978bc0b8dff263b340933693c49db4e7aa198355653293e900f12557c2cd1550b93b0d0520d835a8c8e6ae0112ff0c39cb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50540.exe

Filesize
184KB

MD5
041bb3f24063fe0d2a03d819342e2068

SHA1
cd646f7eb317839964b1d1d68840fb9897d1901f

SHA256
63e21f719aa9bcccfc95a49fb3ed6ba11063dd5d7b5bbdac9ad8570bb6cd4eef

SHA512
695e121e246044c11bb5af140b7e94f5fd063be334c38b18fb001c73a17db1360ddf1be9090ede40e79154718b9a76cd5e320d28c532edbdfe65b631dc4635ef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6098.exe

Filesize
184KB

MD5
10d6677beb64c6beea857dce7fee5fd7

SHA1
a0ef98569ffa011881fe2345d401511fde42048b

SHA256
8b04097aed8fbb8b7a239d48abacb6637c58009ea340d216d5158b5b47c2c310

SHA512
997cdf6ffc846d075b555e1cb34a5ce25465ae8447f4de503ca64d385bdd7a71445070baffddbc45fff79ec9fa50392a14cca145db8675b56c127a4163a57512

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads