Overview

overview

8

Static

static

LunarEngineSetup.exe

windows7-x64

8

LunarEngineSetup.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    129s
  • max time network
    29s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    11-01-2023 02:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LunarEngineSetup.exe

  • Size

    20.3MB

  • MD5

    1e127e16166f6acc05b433f5c151af2e

  • SHA1

    2e763303c5bf1969dd412d77452ffa7a18c52b8c

  • SHA256

    a8a84632f43da3e7feb8b4d64580daa17d92fcb09974770bf5f4492e46ca2125

  • SHA512

    2797915d0cb78178a75356fc790929905bde59ccf2f4ade3e23c7b9851926abbe3d30c3479569fefcdf3ea89522c9050c44638b032b76f57771d767050fedbf6

  • SSDEEP

    393216:h4IffuuxDS1fDiq5jUcUgPeyJ7o48nG/qQ6o+1BbwmdsUywobkCT+:h4IeuFSDPvUCbJk48G/D/OtFyed

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\LunarEngineSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\LunarEngineSetup.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:964
    • C:\Users\Admin\AppData\Local\Temp\is-G1NP0.tmp\LunarEngineSetup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-G1NP0.tmp\LunarEngineSetup.tmp" /SL5="$70124,20482105,803840,C:\Users\Admin\AppData\Local\Temp\LunarEngineSetup.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      PID:960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-G1NP0.tmp\LunarEngineSetup.tmp
    Filesize

    2.9MB

    MD5

    f31521b77adbdc92477145bd455cc27b

    SHA1

    72a14f4d08a6cc91b1e4ddf515fd32117e82a042

    SHA256

    ffe7da1193245df53a0706f1b32a0ea9dc849e8061866d2ab73cdd5d4b66fcbb

    SHA512

    79275b79e87e2aca18d07eef7ec1ba07bc579a0aa64f6ef5b350f23eeefa66d78aad1483ac0e22eb60c58f2f0997df837525d3d7d57519fbd25cfe3327326d63

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-G1NP0.tmp\LunarEngineSetup.tmp
    Filesize

    2.9MB

    MD5

    f31521b77adbdc92477145bd455cc27b

    SHA1

    72a14f4d08a6cc91b1e4ddf515fd32117e82a042

    SHA256

    ffe7da1193245df53a0706f1b32a0ea9dc849e8061866d2ab73cdd5d4b66fcbb

    SHA512

    79275b79e87e2aca18d07eef7ec1ba07bc579a0aa64f6ef5b350f23eeefa66d78aad1483ac0e22eb60c58f2f0997df837525d3d7d57519fbd25cfe3327326d63

    Download Submit

  • memory/964-54-0x0000000075C81000-0x0000000075C83000-memory.dmp

    Filesize

    8KB

    Download

  • memory/964-55-0x0000000000400000-0x00000000004D2000-memory.dmp

    Filesize

    840KB

    Download

  • memory/964-61-0x0000000000400000-0x00000000004D2000-memory.dmp

    Filesize

    840KB

    Download