0a48d1fc1a9679b87b0990777bda5c4cf9b8013c60e0ece9839b75633e151e80

Analysis

max time kernel
12s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 08:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

132696461897eb46ae5ff7530e55c40e.exe
Size

184KB
MD5

132696461897eb46ae5ff7530e55c40e
SHA1

b83059226e1660502313d1232a6c8038cd15ddf9
SHA256

0a48d1fc1a9679b87b0990777bda5c4cf9b8013c60e0ece9839b75633e151e80
SHA512

7205af4219fa74f6034ef508c48d493bf2d80551996a5535b8949c58a89b9ccef0293a6c098c5eb53167fb3dc5d7e0ac5d68dee746a0152defd0e4652fe866cf
SSDEEP

3072:84bYoJZTf0A0AOjAdxKbzz1ev/r62b2kBEEub82a67lXvpFh:84corF0Azdcbzzc7MV7lXvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 8 IoCs

pid	Process
2904	Unicorn-63061.exe
3044	Unicorn-44390.exe
2796	Unicorn-7522.exe
2584	Unicorn-21012.exe
2740	Unicorn-58515.exe
2632	Unicorn-4675.exe
2184	Unicorn-1956.exe
3064	Unicorn-39459.exe

Loads dropped DLL 16 IoCs

pid	Process
2848	132696461897eb46ae5ff7530e55c40e.exe
2848	132696461897eb46ae5ff7530e55c40e.exe
2848	132696461897eb46ae5ff7530e55c40e.exe
2904	Unicorn-38083.exe
2904	Unicorn-38083.exe
2848	132696461897eb46ae5ff7530e55c40e.exe
3044	Unicorn-44390.exe
3044	Unicorn-44390.exe
2904	Unicorn-38083.exe
2904	Unicorn-38083.exe
2796	Unicorn-7522.exe
2796	Unicorn-7522.exe
2584	Unicorn-21012.exe
2584	Unicorn-21012.exe
3044	Unicorn-44390.exe
3044	Unicorn-44390.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2848	132696461897eb46ae5ff7530e55c40e.exe
2904	Unicorn-38083.exe
3044	Unicorn-44390.exe
2796	Unicorn-7522.exe
2584	Unicorn-21012.exe
2740	Unicorn-58515.exe
2632	Unicorn-4675.exe
2184	Unicorn-1956.exe

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 2904	2848	132696461897eb46ae5ff7530e55c40e.exe	28
PID 2848 wrote to memory of 2904	2848	132696461897eb46ae5ff7530e55c40e.exe	28
PID 2848 wrote to memory of 2904	2848	132696461897eb46ae5ff7530e55c40e.exe	28
PID 2848 wrote to memory of 2904	2848	132696461897eb46ae5ff7530e55c40e.exe	28
PID 2904 wrote to memory of 3044	2904	Unicorn-38083.exe	30
PID 2904 wrote to memory of 3044	2904	Unicorn-38083.exe	30
PID 2904 wrote to memory of 3044	2904	Unicorn-38083.exe	30
PID 2904 wrote to memory of 3044	2904	Unicorn-38083.exe	30
PID 2848 wrote to memory of 2796	2848	132696461897eb46ae5ff7530e55c40e.exe	74
PID 2848 wrote to memory of 2796	2848	132696461897eb46ae5ff7530e55c40e.exe	74
PID 2848 wrote to memory of 2796	2848	132696461897eb46ae5ff7530e55c40e.exe	74
PID 2848 wrote to memory of 2796	2848	132696461897eb46ae5ff7530e55c40e.exe	74
PID 3044 wrote to memory of 2584	3044	Unicorn-44390.exe	33
PID 3044 wrote to memory of 2584	3044	Unicorn-44390.exe	33
PID 3044 wrote to memory of 2584	3044	Unicorn-44390.exe	33
PID 3044 wrote to memory of 2584	3044	Unicorn-44390.exe	33
PID 2904 wrote to memory of 2740	2904	Unicorn-38083.exe	32
PID 2904 wrote to memory of 2740	2904	Unicorn-38083.exe	32
PID 2904 wrote to memory of 2740	2904	Unicorn-38083.exe	32
PID 2904 wrote to memory of 2740	2904	Unicorn-38083.exe	32
PID 2796 wrote to memory of 2632	2796	Unicorn-7522.exe	31
PID 2796 wrote to memory of 2632	2796	Unicorn-7522.exe	31
PID 2796 wrote to memory of 2632	2796	Unicorn-7522.exe	31
PID 2796 wrote to memory of 2632	2796	Unicorn-7522.exe	31
PID 2584 wrote to memory of 2184	2584	Unicorn-21012.exe	38
PID 2584 wrote to memory of 2184	2584	Unicorn-21012.exe	38
PID 2584 wrote to memory of 2184	2584	Unicorn-21012.exe	38
PID 2584 wrote to memory of 2184	2584	Unicorn-21012.exe	38
PID 3044 wrote to memory of 3064	3044	Unicorn-44390.exe	37
PID 3044 wrote to memory of 3064	3044	Unicorn-44390.exe	37
PID 3044 wrote to memory of 3064	3044	Unicorn-44390.exe	37
PID 3044 wrote to memory of 3064	3044	Unicorn-44390.exe	37

C:\Users\Admin\AppData\Local\Temp\132696461897eb46ae5ff7530e55c40e.exe
"C:\Users\Admin\AppData\Local\Temp\132696461897eb46ae5ff7530e55c40e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63061.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63061.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44390.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44390.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21012.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1956.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34528.exe
        6⤵
        
        PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6494.exe
        5⤵
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15639.exe
        6⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15249.exe
        7⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3085.exe
        8⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25524.exe
        9⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59937.exe
        10⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59992.exe
        7⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60832.exe
        8⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11109.exe
        9⤵
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27371.exe
        6⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14320.exe
        7⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27941.exe
        8⤵
        
        PID:2396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39459.exe
      4⤵
      Executes dropped EXE
      PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9831.exe
        5⤵
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38415.exe
        6⤵
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6889.exe
        7⤵
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28248.exe
        6⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3085.exe
        7⤵
        
        PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62955.exe
        5⤵
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30626.exe
        6⤵
        
        PID:2576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58515.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58515.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2148.exe
      4⤵
      PID:1400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64377.exe
        5⤵
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15062.exe
        6⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
        7⤵
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53194.exe
        6⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24770.exe
        7⤵
        
        PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61803.exe
        5⤵
        
        PID:1128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22131.exe
        6⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4729.exe
        7⤵
        
        PID:964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64247.exe
      4⤵
      PID:976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40444.exe
        5⤵
        
        PID:1132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14673.exe
        6⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11928.exe
        7⤵
        
        PID:1072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11196.exe
        6⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1391.exe
        7⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35179.exe
        8⤵
        
        PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52369.exe
        5⤵
        
        PID:2480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24524.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24524.exe
  2⤵
  PID:2796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4675.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4675.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18677.exe
      4⤵
      PID:1844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
        5⤵
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57247.exe
        6⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        7⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12286.exe
        8⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24258.exe
        9⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57958.exe
        7⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52460.exe
        8⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52950.exe
        9⤵
        
        PID:1660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2265.exe
        6⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44753.exe
        7⤵
        
        PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36037.exe
        5⤵
        
        PID:568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31190.exe
      4⤵
      PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48804.exe
        5⤵
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48664.exe
        6⤵
        
        PID:268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53194.exe
        5⤵
        
        PID:2976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47820.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47820.exe
    3⤵
    PID:1932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18576.exe
      4⤵
      PID:572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40719.exe
        5⤵
        
        PID:804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38083.exe
        6⤵
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22951.exe
        7⤵
        
        PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37952.exe
        5⤵
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19659.exe
        6⤵
        
        PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19509.exe
      4⤵
      PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38659.exe
        5⤵
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63872.exe
        6⤵
        
        PID:708

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads