Overview

overview

3

Static

static

moonspoofe...er.exe

windows10-2004-x64

1

moonspoofe...er.exe

windows10-2004-x64

3

moonspoofe...er.exe

windows10-2004-x64

1

moonspoofe...er.exe

windows10-2004-x64

1

moonspoofe...er.exe

windows10-2004-x64

3

moonspoofe...up.exe

windows10-2004-x64

1

moonspoofe...er.exe

windows10-2004-x64

3

moonspoofe...er.exe

windows10-2004-x64

3

moonspoofe...er.exe

windows10-2004-x64

1

moonspoofe...er.exe

windows10-2004-x64

1

moonspoofe...er.exe

windows10-2004-x64

1

moonspoofe...er.exe

windows10-2004-x64

1

moonspoofe...er.exe

windows10-2004-x64

1

moonspoofe...er.exe

windows10-2004-x64

1

moonspoofe...er.exe

windows10-2004-x64

1

moonspoofe...er.exe

windows10-2004-x64

1

moonspoofe...er.exe

windows10-2004-x64

1

moonspoofe...er.exe

windows10-2004-x64

1

moonspoofe...er.exe

windows10-2004-x64

1

moonspoofe...er.exe

windows10-2004-x64

1

moonspoofe...er.exe

windows10-2004-x64

1

moonspoofe...er.exe

windows10-2004-x64

1

moonspoofe...er.exe

windows10-2004-x64

3

moonspoofe...er.exe

windows10-2004-x64

1

moonspoofe...er.exe

windows10-2004-x64

1

moonspoofe...er.exe

windows10-2004-x64

3

moonspoofe...er.exe

windows10-2004-x64

1

moonspoofe...er.exe

windows10-2004-x64

3

moonspoofe...er.exe

windows10-2004-x64

1

moonspoofe...er.exe

windows10-2004-x64

1

moonspoofe...er.exe

windows10-2004-x64

1

moonspoofe...up.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    31s
  • max time network
    62s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/12/2022, 13:36 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    moonspoofer-main/moonspoofer/publikuj/Application Files/MoonSpoofer_1_0_0_26/MoonSpoofer.exe

  • Size

    367KB

  • MD5

    c12a0e244da07ce09ccc160f2bc8fbcf

  • SHA1

    551a982795bc354ee1d04d83c06ad718f9f06048

  • SHA256

    b3aa733289b64e3c789fc997bd07c88d29b31fddca482dcd49a2ffe889b8719a

  • SHA512

    238a69f1201987532bc8abbd96d7fb9759ad618890fc79d2c934b90ad05d67b9243cef225d5cd6978f0518a2600207887d457ccec6eae5e6f26bc2334a2f2fbd

  • SSDEEP

    6144:YXnxbPLaA9v7xpKpLo/3Ew/uo27pUogiDsZAEw/uo2uEw/uo2uEw/uo23ja0L:8Ws0K527lsZK52hK52hK52Ta0L

Score
1/10

Malware Config

Signatures

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\moonspoofer-main\moonspoofer\publikuj\Application Files\MoonSpoofer_1_0_0_26\MoonSpoofer.exe
    "C:\Users\Admin\AppData\Local\Temp\moonspoofer-main\moonspoofer\publikuj\Application Files\MoonSpoofer_1_0_0_26\MoonSpoofer.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4948
    • C:\Windows\SysWOW64\cmd.exe
      "cmd.exe" /c start cmd /C "color b && title Error && echo Application not found && timeout /t 5"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4152
      • C:\Windows\SysWOW64\cmd.exe
        cmd /C "color b && title Error && echo Application not found && timeout /t 5"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1360
        • C:\Windows\SysWOW64\timeout.exe
          timeout /t 5
          4⤵
          • Delays execution with timeout.exe
          PID:4668

Network

  • flag-unknown
    DNS
    keyauth.win
    MoonSpoofer.exe
    Remote address:
    8.8.8.8:53
    Request
    keyauth.win
    IN A
    Response
    keyauth.win
    IN A
    188.114.96.0
    keyauth.win
    IN A
    188.114.97.0
  • flag-unknown
    POST
    https://keyauth.win/api/1.0/
    MoonSpoofer.exe
    Remote address:
    188.114.96.0:443
    Request
    POST /api/1.0/ HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: keyauth.win
    Content-Length: 386
    Expect: 100-continue
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sun, 18 Dec 2022 13:40:57 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    CF-Ray: 77b850310b880dfb-AMS
    Access-Control-Allow-Origin: *
    CF-Cache-Status: DYNAMIC
    Server-Timing: cf-q-config;dur=5.0000016926788e-06
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JAqAUpVl%2FdrZWf7otnRvgBAUjvdr3L%2FDh3zQPn%2BrAxt%2FztWv5ktfAzxPVglFVT4mfJL4C60jI3Fr93Tng3Yw7WZ7kAJfR0HmdEvvQBbS2Rx%2BDIUvsQXiV8WHy376PQ%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • 93.184.221.240:80
    260 B
     5
  • 93.184.221.240:80
    322 B
     7
  • 93.184.221.240:80
    260 B
     5
  • 188.114.96.0:443
    https://keyauth.win/api/1.0/
    tls, http
    MoonSpoofer.exe
    1.3kB
     4.0kB
     9
    9

    HTTP Request

    POST https://keyauth.win/api/1.0/

    HTTP Response

    200
  • 20.42.72.131:443
    276 B
     6
  • 93.184.221.240:80
    208 B
     4
  • 93.184.221.240:80
    138 B
     3
  • 93.184.221.240:80
    138 B
     3
  • 93.184.221.240:80
    138 B
     3
  • 8.8.8.8:53
    keyauth.win
    dns
    MoonSpoofer.exe
    57 B
     89 B
     1
    1

    DNS Request

    keyauth.win

    DNS Response

    188.114.96.0
    188.114.97.0

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4948-132-0x00000000001E0000-0x0000000000240000-memory.dmp

    Filesize

    384KB

    Download

  • memory/4948-133-0x0000000005120000-0x00000000056C4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4948-134-0x0000000004A80000-0x0000000004B12000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4948-135-0x0000000004B40000-0x0000000004B4A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4948-136-0x0000000004EA0000-0x0000000004FEE000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/4948-137-0x0000000005C00000-0x0000000005FC0000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/4948-138-0x0000000009050000-0x0000000009062000-memory.dmp

    Filesize

    72KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.