a8c5b44348197579540753834c0176752b89eb4d15491ed41a843f5ef72ce0e4

Analysis

max time kernel
49s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 04:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2916293c384bf6e30d2c6b17198403df.exe
Size

184KB
MD5

2916293c384bf6e30d2c6b17198403df
SHA1

3ba75e134f2ab42affe7c7693e0767d2261906e3
SHA256

a8c5b44348197579540753834c0176752b89eb4d15491ed41a843f5ef72ce0e4
SHA512

b5b8895a819909510755c64c6eb4c0950a961f8857082906a2ea4aece3c33010fa5d60873bb3c7c43f10fe6b8e6a8718c736a47688c1f9a10c8bee5242c5b003
SSDEEP

3072:XTzzomEqnbwMX8j1qmtYpJS89rDJdLIl4jxVgoYKxlv1pFQ:XTvoG8MXEqqYpJJcK9xlv1pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 10 IoCs

pid	Process
2680	Unicorn-25586.exe
2688	Unicorn-60790.exe
2424	Unicorn-23287.exe
572	Unicorn-1216.exe
2944	Unicorn-25721.exe
1868	Unicorn-59737.exe
2772	Unicorn-7910.exe
1624	Unicorn-16338.exe
1632	Unicorn-54714.exe
2560	Unicorn-30402.exe

Loads dropped DLL 20 IoCs

pid	Process
2912	2916293c384bf6e30d2c6b17198403df.exe
2912	2916293c384bf6e30d2c6b17198403df.exe
2912	2916293c384bf6e30d2c6b17198403df.exe
2912	2916293c384bf6e30d2c6b17198403df.exe
2680	Unicorn-25586.exe
2680	Unicorn-25586.exe
2424	Unicorn-23287.exe
2424	Unicorn-23287.exe
2688	Unicorn-60790.exe
2688	Unicorn-60790.exe
2424	Unicorn-23287.exe
2680	Unicorn-25586.exe
2424	Unicorn-23287.exe
2680	Unicorn-25586.exe
2688	Unicorn-60790.exe
2688	Unicorn-60790.exe
2944	Unicorn-25721.exe
2944	Unicorn-25721.exe
572	Unicorn-1216.exe
572	Unicorn-1216.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2748	1640	WerFault.exe	72
1740	2908	WerFault.exe	89

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2912	2916293c384bf6e30d2c6b17198403df.exe
2680	Unicorn-25586.exe
2688	Unicorn-60790.exe
2424	Unicorn-23287.exe
572	Unicorn-1216.exe
2944	Unicorn-25721.exe
1868	Unicorn-59737.exe
2772	Unicorn-7910.exe

Suspicious use of WriteProcessMemory 40 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2680	2912	2916293c384bf6e30d2c6b17198403df.exe	30
PID 2912 wrote to memory of 2680	2912	2916293c384bf6e30d2c6b17198403df.exe	30
PID 2912 wrote to memory of 2680	2912	2916293c384bf6e30d2c6b17198403df.exe	30
PID 2912 wrote to memory of 2680	2912	2916293c384bf6e30d2c6b17198403df.exe	30
PID 2912 wrote to memory of 2688	2912	2916293c384bf6e30d2c6b17198403df.exe	32
PID 2912 wrote to memory of 2688	2912	2916293c384bf6e30d2c6b17198403df.exe	32
PID 2912 wrote to memory of 2688	2912	2916293c384bf6e30d2c6b17198403df.exe	32
PID 2912 wrote to memory of 2688	2912	2916293c384bf6e30d2c6b17198403df.exe	32
PID 2680 wrote to memory of 2424	2680	Unicorn-25586.exe	31
PID 2680 wrote to memory of 2424	2680	Unicorn-25586.exe	31
PID 2680 wrote to memory of 2424	2680	Unicorn-25586.exe	31
PID 2680 wrote to memory of 2424	2680	Unicorn-25586.exe	31
PID 2424 wrote to memory of 572	2424	Unicorn-23287.exe	34
PID 2424 wrote to memory of 572	2424	Unicorn-23287.exe	34
PID 2424 wrote to memory of 572	2424	Unicorn-23287.exe	34
PID 2424 wrote to memory of 572	2424	Unicorn-23287.exe	34
PID 2688 wrote to memory of 2944	2688	Unicorn-60790.exe	33
PID 2688 wrote to memory of 2944	2688	Unicorn-60790.exe	33
PID 2688 wrote to memory of 2944	2688	Unicorn-60790.exe	33
PID 2688 wrote to memory of 2944	2688	Unicorn-60790.exe	33
PID 2424 wrote to memory of 1868	2424	Unicorn-23287.exe	39
PID 2424 wrote to memory of 1868	2424	Unicorn-23287.exe	39
PID 2424 wrote to memory of 1868	2424	Unicorn-23287.exe	39
PID 2424 wrote to memory of 1868	2424	Unicorn-23287.exe	39
PID 2680 wrote to memory of 2772	2680	Unicorn-25586.exe	35
PID 2680 wrote to memory of 2772	2680	Unicorn-25586.exe	35
PID 2680 wrote to memory of 2772	2680	Unicorn-25586.exe	35
PID 2680 wrote to memory of 2772	2680	Unicorn-25586.exe	35
PID 2688 wrote to memory of 1624	2688	Unicorn-60790.exe	80
PID 2688 wrote to memory of 1624	2688	Unicorn-60790.exe	80
PID 2688 wrote to memory of 1624	2688	Unicorn-60790.exe	80
PID 2688 wrote to memory of 1624	2688	Unicorn-60790.exe	80
PID 2944 wrote to memory of 1632	2944	Unicorn-25721.exe	37
PID 2944 wrote to memory of 1632	2944	Unicorn-25721.exe	37
PID 2944 wrote to memory of 1632	2944	Unicorn-25721.exe	37
PID 2944 wrote to memory of 1632	2944	Unicorn-25721.exe	37
PID 572 wrote to memory of 2560	572	Unicorn-1216.exe	36
PID 572 wrote to memory of 2560	572	Unicorn-1216.exe	36
PID 572 wrote to memory of 2560	572	Unicorn-1216.exe	36
PID 572 wrote to memory of 2560	572	Unicorn-1216.exe	36

C:\Users\Admin\AppData\Local\Temp\2916293c384bf6e30d2c6b17198403df.exe
"C:\Users\Admin\AppData\Local\Temp\2916293c384bf6e30d2c6b17198403df.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25586.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25586.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23287.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23287.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1216.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30402.exe
        5⤵
        Executes dropped EXE
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54382.exe
        6⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13731.exe
        7⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51345.exe
        8⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15907.exe
        9⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12953.exe
        8⤵
        
        PID:1292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51045.exe
        5⤵
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52.exe
        6⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2.58920612484851E+46.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2.58920612484851E+46.exe
        7⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2.58920612484851E+46.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2.58920612484851E+46.exe
        8⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2.58920612484851E+46.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2.58920612484851E+46.exe
        7⤵
        
        PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59737.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54958.exe
        5⤵
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46352.exe
        6⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5947.exe
        7⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44054.exe
        8⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24843.exe
        9⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
        10⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36350.exe
        11⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43181.exe
        9⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21889.exe
        8⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
        9⤵
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18946.exe
        6⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51537.exe
        7⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-722.exe
        8⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27607.exe
        9⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55379.exe
        10⤵
        
        PID:2392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 384
        10⤵
        Program crash
        
        PID:1740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 380
        9⤵
        Program crash
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45434.exe
        7⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9006.exe
        8⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7702.exe
        9⤵
        
        PID:2316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7910.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22670.exe
      4⤵
      PID:1300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-628.exe
        5⤵
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26841.exe
        6⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16338.exe
        7⤵
        Executes dropped EXE
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64336.exe
        8⤵
        
        PID:2960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62009.exe
        6⤵
        
        PID:1712
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60790.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60790.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25721.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25721.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54714.exe
      4⤵
      Executes dropped EXE
      PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14693.exe
        5⤵
        
        PID:1304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51557.exe
        6⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13197.exe
        7⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57707.exe
        8⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47204.exe
        9⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27338.exe
        8⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9006.exe
        9⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13337.exe
        7⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47204.exe
        8⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64336.exe
        9⤵
        
        PID:1480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35476.exe
      4⤵
      PID:1864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37800.exe
        5⤵
        
        PID:868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37261.exe
        6⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35886.exe
        7⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65299.exe
        8⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4209.exe
        7⤵
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8984.exe
        8⤵
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31479.exe
        6⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16483.exe
        7⤵
        
        PID:3064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10344.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10344.exe
    3⤵
    PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55342.exe
      4⤵
      PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60820.exe
        5⤵
        
        PID:984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17905.exe
        6⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16338.exe
        7⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34119.exe
        8⤵
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62009.exe
        6⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23386.exe
        7⤵
        
        PID:616

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads