3aa296c223fc571865d82351734c8ecda41fd6c9ea88bac01bb1f6f53f40152f

Analysis

max time kernel
9s
max time network
5s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
21/10/2023, 21:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.eb27eae33f9b5bfdb0e4fd4565667ab0.exe
Size

184KB
MD5

eb27eae33f9b5bfdb0e4fd4565667ab0
SHA1

824d90dda11626c8d5dd68eba681c0d251c64803
SHA256

3aa296c223fc571865d82351734c8ecda41fd6c9ea88bac01bb1f6f53f40152f
SHA512

93d08deea0a81c887b190d7ba5da2972b0e43694f42a3f992ee7d29921428a16e9956e4775c39be013a1e9e35404386f0dfbb6597d2e15938510189b95a79887
SSDEEP

3072:Bx36raonYlqSdDXtWOy89pzGlvnqnviuPn2:BxXoD+DX+8jzGlPqnviuP

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2956	Unicorn-55865.exe
2712	Unicorn-38634.exe
2592	Unicorn-35104.exe

Loads dropped DLL 6 IoCs

pid	Process
1672	NEAS.eb27eae33f9b5bfdb0e4fd4565667ab0.exe
1672	NEAS.eb27eae33f9b5bfdb0e4fd4565667ab0.exe
2956	Unicorn-55865.exe
2956	Unicorn-55865.exe
1672	NEAS.eb27eae33f9b5bfdb0e4fd4565667ab0.exe
1672	NEAS.eb27eae33f9b5bfdb0e4fd4565667ab0.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1672	NEAS.eb27eae33f9b5bfdb0e4fd4565667ab0.exe
2956	Unicorn-55865.exe
2712	Unicorn-38634.exe
2592	Unicorn-35104.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 2956	1672	NEAS.eb27eae33f9b5bfdb0e4fd4565667ab0.exe	28
PID 1672 wrote to memory of 2956	1672	NEAS.eb27eae33f9b5bfdb0e4fd4565667ab0.exe	28
PID 1672 wrote to memory of 2956	1672	NEAS.eb27eae33f9b5bfdb0e4fd4565667ab0.exe	28
PID 1672 wrote to memory of 2956	1672	NEAS.eb27eae33f9b5bfdb0e4fd4565667ab0.exe	28
PID 2956 wrote to memory of 2712	2956	Unicorn-55865.exe	29
PID 2956 wrote to memory of 2712	2956	Unicorn-55865.exe	29
PID 2956 wrote to memory of 2712	2956	Unicorn-55865.exe	29
PID 2956 wrote to memory of 2712	2956	Unicorn-55865.exe	29
PID 1672 wrote to memory of 2592	1672	NEAS.eb27eae33f9b5bfdb0e4fd4565667ab0.exe	30
PID 1672 wrote to memory of 2592	1672	NEAS.eb27eae33f9b5bfdb0e4fd4565667ab0.exe	30
PID 1672 wrote to memory of 2592	1672	NEAS.eb27eae33f9b5bfdb0e4fd4565667ab0.exe	30
PID 1672 wrote to memory of 2592	1672	NEAS.eb27eae33f9b5bfdb0e4fd4565667ab0.exe	30

C:\Users\Admin\AppData\Local\Temp\NEAS.eb27eae33f9b5bfdb0e4fd4565667ab0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.eb27eae33f9b5bfdb0e4fd4565667ab0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55865.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55865.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38634.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38634.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2712
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35104.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35104.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-35104.exe

Filesize
184KB

MD5
d2d9ba9c2dd997f51031bce9d461b20d

SHA1
902e1a7ee1776aebb1ec177a33c6d63612fd0cff

SHA256
f15266010213fda513f0d233f4f22ea85297236b9eaa19baf697eef1ee334247

SHA512
993fe709ac1a183149babf9bc28423716b72bdb7c9111e70ea5e57e8053042cebe8c00a338ad286c3c7cdeb4b25313f621389ef745231087e63b5a618092edb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38634.exe

Filesize
184KB

MD5
2cace4ea6ad7286f806478dfcff192df

SHA1
2d2eada995d3dc380b9fff05f4e05ea77ce08873

SHA256
3375581892a8d18178af6a0f92844faa45c7602def4e0c7ee121cd4686c5c0fe

SHA512
46d86b1ea0e166e6b097f17a266e580ea59ba5548d68ed9484a43c52a6d1b45baadad2a243e39c2d557347b905bb16d25beec29bc4827c224d7c57c1ed498722

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55865.exe

Filesize
184KB

MD5
eaed3131cff48a8aacebc91127728092

SHA1
4ac7a5d156478eacd2ebca94352b16fb4f372477

SHA256
ea4c918b7540ca0ff11452b210532ebe3e214a75990427517c99a69b8043d3ce

SHA512
2d9846b88d7f21f262cfa72e3e085b0e19b813536f931a264fe89012d5af0612d697d428781aff2bd2cf8683811f4f025d9690c016513e2147a9f0cf04f27938

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55865.exe

Filesize
184KB

MD5
eaed3131cff48a8aacebc91127728092

SHA1
4ac7a5d156478eacd2ebca94352b16fb4f372477

SHA256
ea4c918b7540ca0ff11452b210532ebe3e214a75990427517c99a69b8043d3ce

SHA512
2d9846b88d7f21f262cfa72e3e085b0e19b813536f931a264fe89012d5af0612d697d428781aff2bd2cf8683811f4f025d9690c016513e2147a9f0cf04f27938

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55865.exe

Filesize
184KB

MD5
eaed3131cff48a8aacebc91127728092

SHA1
4ac7a5d156478eacd2ebca94352b16fb4f372477

SHA256
ea4c918b7540ca0ff11452b210532ebe3e214a75990427517c99a69b8043d3ce

SHA512
2d9846b88d7f21f262cfa72e3e085b0e19b813536f931a264fe89012d5af0612d697d428781aff2bd2cf8683811f4f025d9690c016513e2147a9f0cf04f27938

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35104.exe

Filesize
184KB

MD5
d2d9ba9c2dd997f51031bce9d461b20d

SHA1
902e1a7ee1776aebb1ec177a33c6d63612fd0cff

SHA256
f15266010213fda513f0d233f4f22ea85297236b9eaa19baf697eef1ee334247

SHA512
993fe709ac1a183149babf9bc28423716b72bdb7c9111e70ea5e57e8053042cebe8c00a338ad286c3c7cdeb4b25313f621389ef745231087e63b5a618092edb3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35104.exe

Filesize
184KB

MD5
d2d9ba9c2dd997f51031bce9d461b20d

SHA1
902e1a7ee1776aebb1ec177a33c6d63612fd0cff

SHA256
f15266010213fda513f0d233f4f22ea85297236b9eaa19baf697eef1ee334247

SHA512
993fe709ac1a183149babf9bc28423716b72bdb7c9111e70ea5e57e8053042cebe8c00a338ad286c3c7cdeb4b25313f621389ef745231087e63b5a618092edb3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38634.exe

Filesize
184KB

MD5
2cace4ea6ad7286f806478dfcff192df

SHA1
2d2eada995d3dc380b9fff05f4e05ea77ce08873

SHA256
3375581892a8d18178af6a0f92844faa45c7602def4e0c7ee121cd4686c5c0fe

SHA512
46d86b1ea0e166e6b097f17a266e580ea59ba5548d68ed9484a43c52a6d1b45baadad2a243e39c2d557347b905bb16d25beec29bc4827c224d7c57c1ed498722

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38634.exe

Filesize
184KB

MD5
2cace4ea6ad7286f806478dfcff192df

SHA1
2d2eada995d3dc380b9fff05f4e05ea77ce08873

SHA256
3375581892a8d18178af6a0f92844faa45c7602def4e0c7ee121cd4686c5c0fe

SHA512
46d86b1ea0e166e6b097f17a266e580ea59ba5548d68ed9484a43c52a6d1b45baadad2a243e39c2d557347b905bb16d25beec29bc4827c224d7c57c1ed498722

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55865.exe

Filesize
184KB

MD5
eaed3131cff48a8aacebc91127728092

SHA1
4ac7a5d156478eacd2ebca94352b16fb4f372477

SHA256
ea4c918b7540ca0ff11452b210532ebe3e214a75990427517c99a69b8043d3ce

SHA512
2d9846b88d7f21f262cfa72e3e085b0e19b813536f931a264fe89012d5af0612d697d428781aff2bd2cf8683811f4f025d9690c016513e2147a9f0cf04f27938

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55865.exe

Filesize
184KB

MD5
eaed3131cff48a8aacebc91127728092

SHA1
4ac7a5d156478eacd2ebca94352b16fb4f372477

SHA256
ea4c918b7540ca0ff11452b210532ebe3e214a75990427517c99a69b8043d3ce

SHA512
2d9846b88d7f21f262cfa72e3e085b0e19b813536f931a264fe89012d5af0612d697d428781aff2bd2cf8683811f4f025d9690c016513e2147a9f0cf04f27938

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads