70f310f9f220081b48711326a0df031ebac2939eca74c65542f3d79bd2a09a34

Analysis

max time kernel
30s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/02/2023, 06:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Moon_Loader_1.exe
Size

18.6MB
MD5

b4dd4dfef1b375ba60b61dc8826d8f32
SHA1

b1fd217e55a8bcf6e5b268166f6d10f1b6dc1431
SHA256

70f310f9f220081b48711326a0df031ebac2939eca74c65542f3d79bd2a09a34
SHA512

270ef3947f3f549638c9fe5d6d7d286678b7df30fb0fd4a6b082a548d5840f259fd933a2720d4127dfc9d76ffa5ddcbd68b65979dd2e054194d4f6f69f68682a
SSDEEP

393216:Du7L/OtASFu11dQuslN/m3pDl9AJ4ZoWOv+9rzPV4aBIOh+Yd:DCLuFOdQu4KRS4ZorvSrLnh7

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
1716	Moon_Loader_1.exe
1716	Moon_Loader_1.exe
1716	Moon_Loader_1.exe
1716	Moon_Loader_1.exe
1716	Moon_Loader_1.exe
1716	Moon_Loader_1.exe
1716	Moon_Loader_1.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 740 wrote to memory of 1716	740	Moon_Loader_1.exe	28
PID 740 wrote to memory of 1716	740	Moon_Loader_1.exe	28
PID 740 wrote to memory of 1716	740	Moon_Loader_1.exe	28

C:\Users\Admin\AppData\Local\Temp\Moon_Loader_1.exe
"C:\Users\Admin\AppData\Local\Temp\Moon_Loader_1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:740
- C:\Users\Admin\AppData\Local\Temp\Moon_Loader_1.exe
  "C:\Users\Admin\AppData\Local\Temp\Moon_Loader_1.exe"
  2⤵
  - Loads dropped DLL
  PID:1716

C:\Windows\System32\fontview.exe
"C:\Windows\System32\fontview.exe" C:\Users\Admin\Desktop\CompareSet.fon
1⤵
PID:1084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI7402\api-ms-win-core-file-l1-2-0.dll

Filesize
21KB

MD5
4454791276f4716342de12eaa6ab5007

SHA1
cfeab7a4aed07adf0e22bb40ca408046896173fa

SHA256
0545cfcb511dcca7764a31465c211ff3d6b91ed5070c00a8613599edff4b7979

SHA512
e86ae200f473ffc00b4e4f3fcdb094cdf896184dd048aed3c408f145282cf5da67889e11334460984c60f332d2faecf9a89a5f3774c81b488aeaadb5e1520497

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7402\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
bfffa7117fd9b1622c66d949bac3f1d7

SHA1
402b7b8f8dcfd321b1d12fc85a1ee5137a5569b2

SHA256
1ea267a2e6284f17dd548c6f2285e19f7edb15d6e737a55391140ce5cb95225e

SHA512
b319cc7b436b1be165cdf6ffcab8a87fe29de78f7e0b14c8f562be160481fb5483289bd5956fdc1d8660da7a3f86d8eede35c6cc2b7c3d4c852decf4b2dcdb7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7402\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
584935f54f7a9947a2fec9a6d827e558

SHA1
3ee71afa08464bab300983a2bc627cd791d574dc

SHA256
78b921153dd5776295b464f6b887d6cf3e24097d53305a0c584256b8f569f9fb

SHA512
933658ceeb0a79d968b1ad32fa392f0e9f630c0264919fc729986f0d97ce72c5e5c554a42c068eacbbea24e4adca686ce10701803c6e80c77f7ed6d121cff749

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7402\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
21KB

MD5
fb60a721cfca0b3307067a7db90a996e

SHA1
fd4d776f3b9f1f7b658a2abdb5d321721eb19488

SHA256
2f031764abb092fa03732d27876a29f62d40ba0fdce08b66559915dc2879d10c

SHA512
b510c8a1436463ee4206cc6d3585a883bb195cdb3ed134eda286939ba50027ae2c01e409654252966717ccb0fbd2d09aae9d9412fa94491bf403103e7b62a5bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7402\api-ms-win-core-timezone-l1-1-0.dll

Filesize
21KB

MD5
9be41c3476bdf52936e25368c14b87c4

SHA1
22a068671f0e3fc9041a193158cfb95fa3618419

SHA256
9c208b51ad3331ae87ce2642d9a8b119add74798524ea1c3cb1e995045f452b9

SHA512
0756986284b8ea16cc1d35c8a87352e70b7b44a892b3b4a1266c64607aa0dd161e5da4b0286c6dbb38f040d538c85e6c4af26148a31d1382f86b12b4b389463d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7402\python310.dll

Filesize
4.3MB

MD5
deaf0c0cc3369363b800d2e8e756a402

SHA1
3085778735dd8badad4e39df688139f4eed5f954

SHA256
156cf2b64dd0f4d9bdb346b654a11300d6e9e15a65ef69089923dafc1c71e33d

SHA512
5cac1d92af7ee18425b5ee8e7cd4e941a9ddffb4bc1c12bb8aeabeed09acec1ff0309abc41a2e0c8db101fee40724f8bfb27a78898128f8746c8fe01c1631989

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7402\ucrtbase.dll

Filesize
992KB

MD5
0e0bac3d1dcc1833eae4e3e4cf83c4ef

SHA1
4189f4459c54e69c6d3155a82524bda7549a75a6

SHA256
8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae

SHA512
a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI7402\api-ms-win-core-file-l1-2-0.dll

Filesize
21KB

MD5
4454791276f4716342de12eaa6ab5007

SHA1
cfeab7a4aed07adf0e22bb40ca408046896173fa

SHA256
0545cfcb511dcca7764a31465c211ff3d6b91ed5070c00a8613599edff4b7979

SHA512
e86ae200f473ffc00b4e4f3fcdb094cdf896184dd048aed3c408f145282cf5da67889e11334460984c60f332d2faecf9a89a5f3774c81b488aeaadb5e1520497

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI7402\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
bfffa7117fd9b1622c66d949bac3f1d7

SHA1
402b7b8f8dcfd321b1d12fc85a1ee5137a5569b2

SHA256
1ea267a2e6284f17dd548c6f2285e19f7edb15d6e737a55391140ce5cb95225e

SHA512
b319cc7b436b1be165cdf6ffcab8a87fe29de78f7e0b14c8f562be160481fb5483289bd5956fdc1d8660da7a3f86d8eede35c6cc2b7c3d4c852decf4b2dcdb7f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI7402\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
584935f54f7a9947a2fec9a6d827e558

SHA1
3ee71afa08464bab300983a2bc627cd791d574dc

SHA256
78b921153dd5776295b464f6b887d6cf3e24097d53305a0c584256b8f569f9fb

SHA512
933658ceeb0a79d968b1ad32fa392f0e9f630c0264919fc729986f0d97ce72c5e5c554a42c068eacbbea24e4adca686ce10701803c6e80c77f7ed6d121cff749

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI7402\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
21KB

MD5
fb60a721cfca0b3307067a7db90a996e

SHA1
fd4d776f3b9f1f7b658a2abdb5d321721eb19488

SHA256
2f031764abb092fa03732d27876a29f62d40ba0fdce08b66559915dc2879d10c

SHA512
b510c8a1436463ee4206cc6d3585a883bb195cdb3ed134eda286939ba50027ae2c01e409654252966717ccb0fbd2d09aae9d9412fa94491bf403103e7b62a5bb

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI7402\api-ms-win-core-timezone-l1-1-0.dll

Filesize
21KB

MD5
9be41c3476bdf52936e25368c14b87c4

SHA1
22a068671f0e3fc9041a193158cfb95fa3618419

SHA256
9c208b51ad3331ae87ce2642d9a8b119add74798524ea1c3cb1e995045f452b9

SHA512
0756986284b8ea16cc1d35c8a87352e70b7b44a892b3b4a1266c64607aa0dd161e5da4b0286c6dbb38f040d538c85e6c4af26148a31d1382f86b12b4b389463d

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI7402\python310.dll

Filesize
4.3MB

MD5
deaf0c0cc3369363b800d2e8e756a402

SHA1
3085778735dd8badad4e39df688139f4eed5f954

SHA256
156cf2b64dd0f4d9bdb346b654a11300d6e9e15a65ef69089923dafc1c71e33d

SHA512
5cac1d92af7ee18425b5ee8e7cd4e941a9ddffb4bc1c12bb8aeabeed09acec1ff0309abc41a2e0c8db101fee40724f8bfb27a78898128f8746c8fe01c1631989

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI7402\ucrtbase.dll

Filesize
992KB

MD5
0e0bac3d1dcc1833eae4e3e4cf83c4ef

SHA1
4189f4459c54e69c6d3155a82524bda7549a75a6

SHA256
8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae

SHA512
a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

Download Submit
memory/740-54-0x000007FEFB941000-0x000007FEFB943000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads