c82f9cfbdfa1a385df60a2c4157d85e34cd648b7a0b5415ca17ad09f40190f74

Analysis

max time kernel
12s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 12:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6fcc52f2cdbe83ef5f237a72efa092fa.exe
Size

184KB
MD5

6fcc52f2cdbe83ef5f237a72efa092fa
SHA1

bd8869e8e1a7325cf564a6b50d97fbaf473480b1
SHA256

c82f9cfbdfa1a385df60a2c4157d85e34cd648b7a0b5415ca17ad09f40190f74
SHA512

3b9a14fb399ba902e6d928b88f70944f3ddd8103e308bf64508453175675d1cb951f22b3497885801b3b1d148d09cc768b84adedaeee87d1ce4326b6a3bbf763
SSDEEP

3072:yLNMo3AeQJjf09fjUM3+Hde01uX0MsOl88SxKraASNlPvpFq:yLqoeJz09gMOHdeyKjyNlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 8 IoCs

pid	Process
3004	Unicorn-32644.exe
2196	Unicorn-10228.exe
2244	Unicorn-25173.exe
2604	Unicorn-50275.exe
2776	Unicorn-65220.exe
2484	Unicorn-54359.exe
1928	Unicorn-50166.exe
1836	Unicorn-62418.exe

Loads dropped DLL 16 IoCs

pid	Process
2916	6fcc52f2cdbe83ef5f237a72efa092fa.exe
2916	6fcc52f2cdbe83ef5f237a72efa092fa.exe
3004	Unicorn-32644.exe
3004	Unicorn-32644.exe
2916	6fcc52f2cdbe83ef5f237a72efa092fa.exe
2916	6fcc52f2cdbe83ef5f237a72efa092fa.exe
2196	Unicorn-10228.exe
2196	Unicorn-10228.exe
3004	Unicorn-32644.exe
3004	Unicorn-32644.exe
2244	Unicorn-25173.exe
2244	Unicorn-25173.exe
2776	Unicorn-65220.exe
2776	Unicorn-65220.exe
2484	Unicorn-54359.exe
2484	Unicorn-54359.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
1712	2520	WerFault.exe	60
2924	1668	WerFault.exe	72
2976	1744	WerFault.exe	93

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2916	6fcc52f2cdbe83ef5f237a72efa092fa.exe
3004	Unicorn-32644.exe
2196	Unicorn-10228.exe
2244	Unicorn-25173.exe
2776	Unicorn-65220.exe
2484	Unicorn-54359.exe
1928	Unicorn-50166.exe

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 3004	2916	6fcc52f2cdbe83ef5f237a72efa092fa.exe	28
PID 2916 wrote to memory of 3004	2916	6fcc52f2cdbe83ef5f237a72efa092fa.exe	28
PID 2916 wrote to memory of 3004	2916	6fcc52f2cdbe83ef5f237a72efa092fa.exe	28
PID 2916 wrote to memory of 3004	2916	6fcc52f2cdbe83ef5f237a72efa092fa.exe	28
PID 3004 wrote to memory of 2196	3004	Unicorn-32644.exe	30
PID 3004 wrote to memory of 2196	3004	Unicorn-32644.exe	30
PID 3004 wrote to memory of 2196	3004	Unicorn-32644.exe	30
PID 3004 wrote to memory of 2196	3004	Unicorn-32644.exe	30
PID 2916 wrote to memory of 2244	2916	6fcc52f2cdbe83ef5f237a72efa092fa.exe	29
PID 2916 wrote to memory of 2244	2916	6fcc52f2cdbe83ef5f237a72efa092fa.exe	29
PID 2916 wrote to memory of 2244	2916	6fcc52f2cdbe83ef5f237a72efa092fa.exe	29
PID 2916 wrote to memory of 2244	2916	6fcc52f2cdbe83ef5f237a72efa092fa.exe	29
PID 2196 wrote to memory of 2604	2196	Unicorn-10228.exe	33
PID 2196 wrote to memory of 2604	2196	Unicorn-10228.exe	33
PID 2196 wrote to memory of 2604	2196	Unicorn-10228.exe	33
PID 2196 wrote to memory of 2604	2196	Unicorn-10228.exe	33
PID 3004 wrote to memory of 2776	3004	Unicorn-32644.exe	32
PID 3004 wrote to memory of 2776	3004	Unicorn-32644.exe	32
PID 3004 wrote to memory of 2776	3004	Unicorn-32644.exe	32
PID 3004 wrote to memory of 2776	3004	Unicorn-32644.exe	32
PID 2244 wrote to memory of 2484	2244	Unicorn-25173.exe	31
PID 2244 wrote to memory of 2484	2244	Unicorn-25173.exe	31
PID 2244 wrote to memory of 2484	2244	Unicorn-25173.exe	31
PID 2244 wrote to memory of 2484	2244	Unicorn-25173.exe	31
PID 2776 wrote to memory of 1928	2776	Unicorn-65220.exe	36
PID 2776 wrote to memory of 1928	2776	Unicorn-65220.exe	36
PID 2776 wrote to memory of 1928	2776	Unicorn-65220.exe	36
PID 2776 wrote to memory of 1928	2776	Unicorn-65220.exe	36
PID 2484 wrote to memory of 1836	2484	Unicorn-54359.exe	35
PID 2484 wrote to memory of 1836	2484	Unicorn-54359.exe	35
PID 2484 wrote to memory of 1836	2484	Unicorn-54359.exe	35
PID 2484 wrote to memory of 1836	2484	Unicorn-54359.exe	35

C:\Users\Admin\AppData\Local\Temp\6fcc52f2cdbe83ef5f237a72efa092fa.exe
"C:\Users\Admin\AppData\Local\Temp\6fcc52f2cdbe83ef5f237a72efa092fa.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32644.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32644.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10228.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10228.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50275.exe
      4⤵
      Executes dropped EXE
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
        5⤵
        
        PID:608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27835.exe
        6⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14596.exe
        7⤵
        
        PID:1468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64928.exe
        6⤵
        
        PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46864.exe
        5⤵
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62235.exe
        6⤵
        
        PID:2000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65220.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65220.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50166.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2117.exe
        5⤵
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2392.exe
        6⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54889.exe
        7⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        8⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55188.exe
        9⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36496.exe
        10⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44747.exe
        11⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55484.exe
        12⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17144.exe
        11⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32857.exe
        10⤵
        
        PID:1744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 188
        11⤵
        Program crash
        
        PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52148.exe
        5⤵
        
        PID:1172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7483.exe
        6⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48376.exe
        7⤵
        
        PID:496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4432.exe
        8⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        9⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31174.exe
        10⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6856.exe
        11⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 200
        12⤵
        Program crash
        
        PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51873.exe
      4⤵
      PID:940
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25173.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25173.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54359.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54359.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62418.exe
      4⤵
      Executes dropped EXE
      PID:1836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9408.exe
        5⤵
        
        PID:320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12890.exe
        6⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46804.exe
        7⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17967.exe
        8⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12886.exe
        9⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3631.exe
        10⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7798.exe
        11⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12505.exe
        12⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39510.exe
        11⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26827.exe
        10⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41094.exe
        11⤵
        
        PID:1840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18261.exe
        5⤵
        
        PID:652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26929.exe
        6⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23442.exe
        7⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19960.exe
        8⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13361.exe
        9⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13444.exe
        10⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32578.exe
        11⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3283.exe
        10⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63776.exe
        9⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26164.exe
        10⤵
        
        PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59164.exe
      4⤵
      PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12890.exe
        5⤵
        
        PID:1464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44323.exe
        6⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2408.exe
        7⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1246.exe
        8⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52173.exe
        9⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50694.exe
        10⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28411.exe
        11⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22812.exe
        12⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58177.exe
        11⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20797.exe
        10⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59376.exe
        11⤵
        
        PID:688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46637.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46637.exe
    3⤵
    PID:944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49372.exe
      4⤵
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53539.exe
        5⤵
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65465.exe
        6⤵
        
        PID:2520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
        7⤵
        Program crash
        
        PID:1712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37757.exe
      4⤵
      PID:1008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31796.exe
        5⤵
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1443.exe
        6⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        7⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12886.exe
        8⤵
        
        PID:472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21530.exe
        9⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
        10⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54944.exe
        11⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12520.exe
        10⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45302.exe
        9⤵
        
        PID:496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22812.exe
        10⤵
        
        PID:2224

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads