Overview

overview

10

Static

static

3

6139eda531...34.dll

windows7-x64

10

6139eda531...34.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2023, 04:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6139eda5319de501e38e2f1c6e483434.dll

  • Size

    1.7MB

  • MD5

    6139eda5319de501e38e2f1c6e483434

  • SHA1

    d6976183951b9b4fa8b1f9f7e9da4e04d6e73bee

  • SHA256

    44ce18b515dc6676006582f1fce1d9e5ab189187539f055b2b416912223c1241

  • SHA512

    0732cd1be15bb0fb6f59bd2097e4ca17aac87b26fd90c2e32ee770678727aee34c94afc7009bf7d2ff40005ffccca6a2cee7a06aa079a9ee4f4333622dfc7a23

  • SSDEEP

    24576:i4pLEZif00JxEAXqCvRAQKNDmWEAeApxOGlEZ4h0pZB5v31rIyOlIM+SSZPU:iGYZifFEAXr6fEaYp3Oy3Sc8

Score
10/10
unicornstealerspywarestealer

Malware Config

Signatures

  • UnicornStealer

    UnicornStealer is a modular infostealer written in C++.

    stealerunicornstealer
  • Unicorn Stealer payload 17 IoCs
    stealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Suspicious behavior: EnumeratesProcesses 50 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\6139eda5319de501e38e2f1c6e483434.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2672
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\6139eda5319de501e38e2f1c6e483434.dll,#1
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2900
      • C:\Windows\SysWOW64\svchost.exe
        "C:\Windows\system32\svchost.exe"
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of WriteProcessMemory
        PID:2664
        • C:\Windows\SysWOW64\dllhost.exe
          "C:\Windows\system32\dllhost.exe"
          4⤵
            PID:2236
          • C:\Windows\SysWOW64\dllhost.exe
            "C:\Windows\system32\dllhost.exe"
            4⤵
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of SetWindowsHookEx
            PID:476

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/476-15-0x0000000000400000-0x000000000053C000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/476-17-0x0000000000080000-0x0000000000089000-memory.dmp

      Filesize

      36KB

      Download

    • memory/476-62-0x0000000000400000-0x000000000053C000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/476-59-0x0000000000400000-0x000000000053C000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/476-57-0x0000000000400000-0x000000000053C000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/476-47-0x0000000000400000-0x000000000053C000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/476-36-0x0000000000400000-0x000000000053C000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/476-35-0x0000000000400000-0x000000000053C000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/476-63-0x0000000000400000-0x000000000053C000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/476-33-0x0000000000400000-0x000000000053C000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/476-16-0x0000000000400000-0x000000000053C000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/476-18-0x0000000077C30000-0x0000000077DD9000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/476-34-0x0000000000400000-0x000000000053C000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/476-25-0x0000000000400000-0x000000000053C000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/476-27-0x0000000000400000-0x000000000053C000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/476-28-0x0000000000400000-0x000000000053C000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/476-31-0x0000000000400000-0x000000000053C000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/476-30-0x0000000000400000-0x000000000053C000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2664-11-0x0000000004510000-0x0000000004660000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/2664-23-0x0000000004510000-0x0000000004660000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/2664-12-0x0000000077C30000-0x0000000077DD9000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/2664-10-0x00000000001C0000-0x00000000001C8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2664-7-0x00000000000D0000-0x00000000000D2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2900-0-0x0000000000BC0000-0x0000000000D75000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/2900-8-0x0000000000BC0000-0x0000000000D75000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/2900-6-0x0000000000BC0000-0x0000000000D75000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/2900-1-0x0000000000BC0000-0x0000000000D75000-memory.dmp

      Filesize

      1.7MB

      Download