f2f0217bc3a425cdf0fd277e27e621d0422a6595c2b4cadad849c7322cc20b3b

Analysis

max time kernel
16s
max time network
19s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
22/10/2023, 13:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.86dca22769a3cfc4c1457e34dc36d450_JC.exe
Size

184KB
MD5

86dca22769a3cfc4c1457e34dc36d450
SHA1

b3ac732418ccd83f14402170afb6949cf19e1157
SHA256

f2f0217bc3a425cdf0fd277e27e621d0422a6595c2b4cadad849c7322cc20b3b
SHA512

a93a7fa836189b9cbbaa0f5bef112f48abad1ea9100a341a7ab4827d4404bb15a9158d901b7700a607cf8808f20142e76a6ce41b4c8943ff0a87c80593136636
SSDEEP

3072:G63sCkon4eNqd4rtWC98VGvUlvnqnvinonR:G6Sozm4rF8cvUlPqnvino

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
2548	Unicorn-41661.exe
3060	Unicorn-19185.exe
2608	Unicorn-34967.exe
2668	Unicorn-34618.exe
2580	Unicorn-1199.exe

Loads dropped DLL 11 IoCs

pid	Process
1980	NEAS.86dca22769a3cfc4c1457e34dc36d450_JC.exe
1980	NEAS.86dca22769a3cfc4c1457e34dc36d450_JC.exe
1980	NEAS.86dca22769a3cfc4c1457e34dc36d450_JC.exe
2548	Unicorn-41661.exe
1980	NEAS.86dca22769a3cfc4c1457e34dc36d450_JC.exe
2548	Unicorn-41661.exe
2548	Unicorn-41661.exe
2548	Unicorn-41661.exe
2608	Unicorn-34967.exe
2608	Unicorn-34967.exe
2608	Unicorn-34967.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1980	NEAS.86dca22769a3cfc4c1457e34dc36d450_JC.exe
2548	Unicorn-41661.exe
2608	Unicorn-34967.exe
2668	Unicorn-34618.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 2548	1980	NEAS.86dca22769a3cfc4c1457e34dc36d450_JC.exe	28
PID 1980 wrote to memory of 2548	1980	NEAS.86dca22769a3cfc4c1457e34dc36d450_JC.exe	28
PID 1980 wrote to memory of 2548	1980	NEAS.86dca22769a3cfc4c1457e34dc36d450_JC.exe	28
PID 1980 wrote to memory of 2548	1980	NEAS.86dca22769a3cfc4c1457e34dc36d450_JC.exe	28
PID 1980 wrote to memory of 3060	1980	NEAS.86dca22769a3cfc4c1457e34dc36d450_JC.exe	29
PID 1980 wrote to memory of 3060	1980	NEAS.86dca22769a3cfc4c1457e34dc36d450_JC.exe	29
PID 1980 wrote to memory of 3060	1980	NEAS.86dca22769a3cfc4c1457e34dc36d450_JC.exe	29
PID 1980 wrote to memory of 3060	1980	NEAS.86dca22769a3cfc4c1457e34dc36d450_JC.exe	29
PID 2548 wrote to memory of 2608	2548	Unicorn-41661.exe	30
PID 2548 wrote to memory of 2608	2548	Unicorn-41661.exe	30
PID 2548 wrote to memory of 2608	2548	Unicorn-41661.exe	30
PID 2548 wrote to memory of 2608	2548	Unicorn-41661.exe	30
PID 2548 wrote to memory of 2668	2548	Unicorn-41661.exe	31
PID 2548 wrote to memory of 2668	2548	Unicorn-41661.exe	31
PID 2548 wrote to memory of 2668	2548	Unicorn-41661.exe	31
PID 2548 wrote to memory of 2668	2548	Unicorn-41661.exe	31
PID 2608 wrote to memory of 2580	2608	Unicorn-34967.exe	32
PID 2608 wrote to memory of 2580	2608	Unicorn-34967.exe	32
PID 2608 wrote to memory of 2580	2608	Unicorn-34967.exe	32
PID 2608 wrote to memory of 2580	2608	Unicorn-34967.exe	32

C:\Users\Admin\AppData\Local\Temp\NEAS.86dca22769a3cfc4c1457e34dc36d450_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.86dca22769a3cfc4c1457e34dc36d450_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41661.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41661.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34967.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34967.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1199.exe
      4⤵
      Executes dropped EXE
      PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
      4⤵
      PID:2628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34618.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34618.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2668
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19185.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19185.exe
  2⤵
  - Executes dropped EXE
  PID:3060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1199.exe

Filesize
184KB

MD5
678995439f399b2a7777e9a80d272ec1

SHA1
1da93f0c4510d9c81ee3904a4a2334674afa6908

SHA256
a1d1cc3d51c62205f64e76bb4dfc28212456ef6f6d8d42ae69dec09ba9b91394

SHA512
92a43873daf315a45ab65bbd3c923914ccbaaf38e9d9b83ed1f884531381deaaadf2617d78473e8d1014ee859b6322dc71b847bbcf1cf28a2a4693b6817fc544

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19185.exe

Filesize
184KB

MD5
fb66a6def267b8e4b967344ceeb5da00

SHA1
551da86653cec270a10a94759bd33a2f377275bc

SHA256
7bddee84bb91a3815a4e24e2ac71f66b813d30b03c6b77041d2424049dbf9a7b

SHA512
f9eb34d33101cb30987ce3fe4fb21510e207f00f25d78be5ba647ad0e6e1b461c67792a10057903b8a0815f9d33960e8c09781ed8bc0fed5c06c35541a49538a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe

Filesize
184KB

MD5
64c385d65d382461f3c48fdce7cab14d

SHA1
da1a82cceccbb7be97dbdf9124bf7e26ca79d41f

SHA256
12737b9f7642436d552c7f040a3df9261f0cd128e33313e4c51397ab05f039f4

SHA512
758530b8ebb89d46bf81829def47cf489b64b9367f17fd2c83f3915d1efa1244c9bd3ed01df39eaeb676f0bd5ca8c9ff2f0b22edb04dc59e454a436d9214e6d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34618.exe

Filesize
184KB

MD5
07d4fb8b8bca51bfe57d54a18a4a1fd4

SHA1
58f7b19cd2de281dcfd748a839f27d378f2c9b0b

SHA256
790082f800b7bad8f78dd678da7aaa3cf541944a00166164a408d6f82a16af92

SHA512
dae3913e514fcfc989f70d94a529c27fd4883701018444f18f277f281f3ad50f3ac13abdc720f2e22fe197f11c444d9ef04f31e1a65b0898efb71c12b0b68152

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34967.exe

Filesize
184KB

MD5
9df0376637993ad002da0d1812a98ebd

SHA1
7aa10e6f7977bc9e0854e40b7ac26eaa41eeb6be

SHA256
4adc6bc6e26909accc511d54712620246921d17c1712b45f3fe8876667b586d1

SHA512
89ad4f06f60e3d72e8b3dc0d52a5d4297104f88aca605df089963e636c14588af28b37e6adab6f49e7d0bd7792f847d7462894bc4e28ea318a9cfe2100efda19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34967.exe

Filesize
184KB

MD5
9df0376637993ad002da0d1812a98ebd

SHA1
7aa10e6f7977bc9e0854e40b7ac26eaa41eeb6be

SHA256
4adc6bc6e26909accc511d54712620246921d17c1712b45f3fe8876667b586d1

SHA512
89ad4f06f60e3d72e8b3dc0d52a5d4297104f88aca605df089963e636c14588af28b37e6adab6f49e7d0bd7792f847d7462894bc4e28ea318a9cfe2100efda19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41661.exe

Filesize
184KB

MD5
67cc85a58a9a70a3c5ab938a19f3896a

SHA1
33b028c3daa405c2751f1c7acdbea1f6b80e8a27

SHA256
95c5833240bec371b1c3738bd05ad80c5882e1455f94caa1387d5a8a70eb3e8e

SHA512
a9b050559dbd8edd4684eb7d85c837b1ff22f87c74704c961eb565ca674c6ab5366ee83a40e51f2a89a56bf714054cdf555b52a57ef94b91b2234318a3870a75

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41661.exe

Filesize
184KB

MD5
67cc85a58a9a70a3c5ab938a19f3896a

SHA1
33b028c3daa405c2751f1c7acdbea1f6b80e8a27

SHA256
95c5833240bec371b1c3738bd05ad80c5882e1455f94caa1387d5a8a70eb3e8e

SHA512
a9b050559dbd8edd4684eb7d85c837b1ff22f87c74704c961eb565ca674c6ab5366ee83a40e51f2a89a56bf714054cdf555b52a57ef94b91b2234318a3870a75

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41661.exe

Filesize
184KB

MD5
67cc85a58a9a70a3c5ab938a19f3896a

SHA1
33b028c3daa405c2751f1c7acdbea1f6b80e8a27

SHA256
95c5833240bec371b1c3738bd05ad80c5882e1455f94caa1387d5a8a70eb3e8e

SHA512
a9b050559dbd8edd4684eb7d85c837b1ff22f87c74704c961eb565ca674c6ab5366ee83a40e51f2a89a56bf714054cdf555b52a57ef94b91b2234318a3870a75

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1199.exe

Filesize
184KB

MD5
678995439f399b2a7777e9a80d272ec1

SHA1
1da93f0c4510d9c81ee3904a4a2334674afa6908

SHA256
a1d1cc3d51c62205f64e76bb4dfc28212456ef6f6d8d42ae69dec09ba9b91394

SHA512
92a43873daf315a45ab65bbd3c923914ccbaaf38e9d9b83ed1f884531381deaaadf2617d78473e8d1014ee859b6322dc71b847bbcf1cf28a2a4693b6817fc544

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1199.exe

Filesize
184KB

MD5
678995439f399b2a7777e9a80d272ec1

SHA1
1da93f0c4510d9c81ee3904a4a2334674afa6908

SHA256
a1d1cc3d51c62205f64e76bb4dfc28212456ef6f6d8d42ae69dec09ba9b91394

SHA512
92a43873daf315a45ab65bbd3c923914ccbaaf38e9d9b83ed1f884531381deaaadf2617d78473e8d1014ee859b6322dc71b847bbcf1cf28a2a4693b6817fc544

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19185.exe

Filesize
184KB

MD5
fb66a6def267b8e4b967344ceeb5da00

SHA1
551da86653cec270a10a94759bd33a2f377275bc

SHA256
7bddee84bb91a3815a4e24e2ac71f66b813d30b03c6b77041d2424049dbf9a7b

SHA512
f9eb34d33101cb30987ce3fe4fb21510e207f00f25d78be5ba647ad0e6e1b461c67792a10057903b8a0815f9d33960e8c09781ed8bc0fed5c06c35541a49538a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19185.exe

Filesize
184KB

MD5
fb66a6def267b8e4b967344ceeb5da00

SHA1
551da86653cec270a10a94759bd33a2f377275bc

SHA256
7bddee84bb91a3815a4e24e2ac71f66b813d30b03c6b77041d2424049dbf9a7b

SHA512
f9eb34d33101cb30987ce3fe4fb21510e207f00f25d78be5ba647ad0e6e1b461c67792a10057903b8a0815f9d33960e8c09781ed8bc0fed5c06c35541a49538a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe

Filesize
184KB

MD5
64c385d65d382461f3c48fdce7cab14d

SHA1
da1a82cceccbb7be97dbdf9124bf7e26ca79d41f

SHA256
12737b9f7642436d552c7f040a3df9261f0cd128e33313e4c51397ab05f039f4

SHA512
758530b8ebb89d46bf81829def47cf489b64b9367f17fd2c83f3915d1efa1244c9bd3ed01df39eaeb676f0bd5ca8c9ff2f0b22edb04dc59e454a436d9214e6d8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe

Filesize
184KB

MD5
64c385d65d382461f3c48fdce7cab14d

SHA1
da1a82cceccbb7be97dbdf9124bf7e26ca79d41f

SHA256
12737b9f7642436d552c7f040a3df9261f0cd128e33313e4c51397ab05f039f4

SHA512
758530b8ebb89d46bf81829def47cf489b64b9367f17fd2c83f3915d1efa1244c9bd3ed01df39eaeb676f0bd5ca8c9ff2f0b22edb04dc59e454a436d9214e6d8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34618.exe

Filesize
184KB

MD5
07d4fb8b8bca51bfe57d54a18a4a1fd4

SHA1
58f7b19cd2de281dcfd748a839f27d378f2c9b0b

SHA256
790082f800b7bad8f78dd678da7aaa3cf541944a00166164a408d6f82a16af92

SHA512
dae3913e514fcfc989f70d94a529c27fd4883701018444f18f277f281f3ad50f3ac13abdc720f2e22fe197f11c444d9ef04f31e1a65b0898efb71c12b0b68152

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34618.exe

Filesize
184KB

MD5
07d4fb8b8bca51bfe57d54a18a4a1fd4

SHA1
58f7b19cd2de281dcfd748a839f27d378f2c9b0b

SHA256
790082f800b7bad8f78dd678da7aaa3cf541944a00166164a408d6f82a16af92

SHA512
dae3913e514fcfc989f70d94a529c27fd4883701018444f18f277f281f3ad50f3ac13abdc720f2e22fe197f11c444d9ef04f31e1a65b0898efb71c12b0b68152

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34967.exe

Filesize
184KB

MD5
9df0376637993ad002da0d1812a98ebd

SHA1
7aa10e6f7977bc9e0854e40b7ac26eaa41eeb6be

SHA256
4adc6bc6e26909accc511d54712620246921d17c1712b45f3fe8876667b586d1

SHA512
89ad4f06f60e3d72e8b3dc0d52a5d4297104f88aca605df089963e636c14588af28b37e6adab6f49e7d0bd7792f847d7462894bc4e28ea318a9cfe2100efda19

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34967.exe

Filesize
184KB

MD5
9df0376637993ad002da0d1812a98ebd

SHA1
7aa10e6f7977bc9e0854e40b7ac26eaa41eeb6be

SHA256
4adc6bc6e26909accc511d54712620246921d17c1712b45f3fe8876667b586d1

SHA512
89ad4f06f60e3d72e8b3dc0d52a5d4297104f88aca605df089963e636c14588af28b37e6adab6f49e7d0bd7792f847d7462894bc4e28ea318a9cfe2100efda19

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41661.exe

Filesize
184KB

MD5
67cc85a58a9a70a3c5ab938a19f3896a

SHA1
33b028c3daa405c2751f1c7acdbea1f6b80e8a27

SHA256
95c5833240bec371b1c3738bd05ad80c5882e1455f94caa1387d5a8a70eb3e8e

SHA512
a9b050559dbd8edd4684eb7d85c837b1ff22f87c74704c961eb565ca674c6ab5366ee83a40e51f2a89a56bf714054cdf555b52a57ef94b91b2234318a3870a75

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41661.exe

Filesize
184KB

MD5
67cc85a58a9a70a3c5ab938a19f3896a

SHA1
33b028c3daa405c2751f1c7acdbea1f6b80e8a27

SHA256
95c5833240bec371b1c3738bd05ad80c5882e1455f94caa1387d5a8a70eb3e8e

SHA512
a9b050559dbd8edd4684eb7d85c837b1ff22f87c74704c961eb565ca674c6ab5366ee83a40e51f2a89a56bf714054cdf555b52a57ef94b91b2234318a3870a75

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads