Analysis

  • max time kernel
    156s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    08-06-2022 22:40

General

  • Target

    16ebc150998d18a2f00ba92ff7704d8e3615f6cddf8a48921b678439189a1bd3.exe

  • Size

    501KB

  • MD5

    365c7943dc2aab5777fbc8a127a5187d

  • SHA1

    08aab407d36826c7dd2036d0cc260907a68cb7a9

  • SHA256

    16ebc150998d18a2f00ba92ff7704d8e3615f6cddf8a48921b678439189a1bd3

  • SHA512

    5cd9f4e9ad28ccce3435efd1bed18a4145a35e42e8f9258e7b5ebf61cb8ef34ea43192c39e4bc6231fa0cd4ca963200aeee62fb19f5016528968aa76a68c260a

Malware Config

Signatures

  • Luminosity

    Luminosity is a RAT family that was sold commercially while being marketed as a system administration utility.

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\16ebc150998d18a2f00ba92ff7704d8e3615f6cddf8a48921b678439189a1bd3.exe
    "C:\Users\Admin\AppData\Local\Temp\16ebc150998d18a2f00ba92ff7704d8e3615f6cddf8a48921b678439189a1bd3.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4272
    • C:\Users\Admin\AppData\Local\Temp\16ebc150998d18a2f00ba92ff7704d8e3615f6cddf8a48921b678439189a1bd3.exe
      "C:\Users\Admin\AppData\Local\Temp\16ebc150998d18a2f00ba92ff7704d8e3615f6cddf8a48921b678439189a1bd3.exe"
      2⤵
      • Modifies WinLogon for persistence
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: RenamesItself
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:4720

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/4272-130-0x0000000074B30000-0x00000000750E1000-memory.dmp
    Filesize: 5.7MB
  • memory/4272-131-0x0000000074B30000-0x00000000750E1000-memory.dmp
    Filesize: 5.7MB
  • memory/4272-135-0x0000000074B30000-0x00000000750E1000-memory.dmp
    Filesize: 5.7MB
  • memory/4720-134-0x0000000074B30000-0x00000000750E1000-memory.dmp
    Filesize: 5.7MB
  • memory/4720-136-0x0000000074B30000-0x00000000750E1000-memory.dmp
    Filesize: 5.7MB