Overview
overview
10Static
static
3LunacyLaun...er.exe
windows7-x64
10LunacyLaun...er.exe
windows10-2004-x64
10LunacyLaun...or.dll
windows7-x64
1LunacyLaun...or.dll
windows10-2004-x64
1LunacyLaun...32.dll
windows7-x64
3LunacyLaun...32.dll
windows10-2004-x64
3LunacyLaun...ws.dll
windows7-x64
1LunacyLaun...ws.dll
windows10-2004-x64
1LunacyLaun...ICENSE
windows7-x64
1LunacyLaun...ICENSE
windows10-2004-x64
1LunacyLaun...DME.md
windows7-x64
3LunacyLaun...DME.md
windows10-2004-x64
3LunacyLaun...rs.dll
windows7-x64
1LunacyLaun...rs.dll
windows10-2004-x64
1LunacyLaun...up.xml
windows7-x64
1LunacyLaun...up.xml
windows10-2004-x64
1LunacyLaun...rl.dll
windows7-x64
3LunacyLaun...rl.dll
windows10-2004-x64
3LunacyLaun...e4.dll
windows7-x64
3LunacyLaun...e4.dll
windows10-2004-x64
3LunacyLaun...-1.dll
windows7-x64
3LunacyLaun...-1.dll
windows10-2004-x64
3LunacyLaun...10.dll
windows7-x64
1LunacyLaun...10.dll
windows10-2004-x64
1Analysis
-
max time kernel
133s -
max time network
182s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-es -
resource tags
arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows -
submitted
09/05/2023, 19:31
Static task
static1
Behavioral task
behavioral1
Sample
LunacyLauncher/LunacyLauncher.exe
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral2
Sample
LunacyLauncher/LunacyLauncher.exe
Resource
win10v2004-20230220-es
windows10-2004-x64
Behavioral task
behavioral3
Sample
LunacyLauncher/brokeradaptor.dll
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral4
Sample
LunacyLauncher/brokeradaptor.dll
Resource
win10v2004-20230220-es
windows10-2004-x64
Behavioral task
behavioral5
Sample
LunacyLauncher/irmfmodulewin32.dll
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral6
Sample
LunacyLauncher/irmfmodulewin32.dll
Resource
win10v2004-20230220-es
windows10-2004-x64
Behavioral task
behavioral7
Sample
LunacyLauncher/platforms/qwindows.dll
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral8
Sample
LunacyLauncher/platforms/qwindows.dll
Resource
win10v2004-20230220-es
windows10-2004-x64
Behavioral task
behavioral9
Sample
LunacyLauncher/updater/LICENSE
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral10
Sample
LunacyLauncher/updater/LICENSE
Resource
win10v2004-20230220-es
windows10-2004-x64
Behavioral task
behavioral11
Sample
LunacyLauncher/updater/README.md
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral12
Sample
LunacyLauncher/updater/README.md
Resource
win10v2004-20230220-es
windows10-2004-x64
Behavioral task
behavioral13
Sample
LunacyLauncher/updater/bdfilters.dll
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral14
Sample
LunacyLauncher/updater/bdfilters.dll
Resource
win10v2004-20230220-es
windows10-2004-x64
Behavioral task
behavioral15
Sample
LunacyLauncher/updater/gup.xml
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral16
Sample
LunacyLauncher/updater/gup.xml
Resource
win10v2004-20230220-es
windows10-2004-x64
Behavioral task
behavioral17
Sample
LunacyLauncher/updater/libcurl.dll
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral18
Sample
LunacyLauncher/updater/libcurl.dll
Resource
win10v2004-20230220-es
windows10-2004-x64
Behavioral task
behavioral19
Sample
LunacyLauncher/x86/QtCore4.dll
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral20
Sample
LunacyLauncher/x86/QtCore4.dll
Resource
win10v2004-20230220-es
windows10-2004-x64
Behavioral task
behavioral21
Sample
LunacyLauncher/x86/libgcc_s_dw2-1.dll
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral22
Sample
LunacyLauncher/x86/libgcc_s_dw2-1.dll
Resource
win10v2004-20230220-es
windows10-2004-x64
Behavioral task
behavioral23
Sample
LunacyLauncher/x86/mingwm10.dll
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral24
Sample
LunacyLauncher/x86/mingwm10.dll
Resource
win10v2004-20230221-es
windows10-2004-x64
General
-
Target
LunacyLauncher/updater/bdfilters.dll
-
Size
4.1MB
-
MD5
ed730387fdcd684b756601b863c47417
-
SHA1
c49ed6d0d46facf4ceaeb21f5d6bfdf9e3587fde
-
SHA256
9cbc29696ad2d582e251bf9c4be5cce618753fa43551d2474e1ae5cc5e1245e5
-
SHA512
e32df727799d33922c6e92f94a7bdb0bc2772d6a6636d15e285d94d3ae4661062e5bc89ec3546b76ec853398f88d972f461327ef687f89093acf1096560d5c3f
-
SSDEEP
98304:Xl4qYuQxqYfHYosUiJovT7DBmmhjSF5og3Vk9O0KChvvvveo:XuqYuQxqYfHYosUiJoviVKvvvvJ
Malware Config
Signatures
-
Modifies registry class 28 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32\ThreadingModel = "Both" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\ = "Bandicam MPEG-1 Audio Property" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\CLSID = "{89C4B786-A490-4A3E-AA70-E6A8C61D3689}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32\ThreadingModel = "Both" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32\ThreadingModel = "Both" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\CLSID = "{E2E7539A-CECF-4A6A-B187-939943ECEF05}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\ = "Bandicam MPEG-1 Video Property" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\LunacyLauncher\\updater\\bdfilters.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\FriendlyName = "Bandicam MPEG-1 Video Decoder" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\FriendlyName = "Bandicam MPEG-1 Audio Decoder" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\LunacyLauncher\\updater\\bdfilters.dll" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\LunacyLauncher\\updater\\bdfilters.dll" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\LunacyLauncher\\updater\\bdfilters.dll" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689} regsvr32.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\FilterData = 02000000010080ff020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000800000006175647300001000800000aa00389b715000000000001000800000aa00389b710100000000001000800000aa00389b71 regsvr32.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\FilterData = 02000000010080ff02000000000000003070693300000000000000000200000000000000000000003074793300000000700000008000000031747933000000007000000090000000317069330800000000000000010000000000000000000000307479330000000070000000a00000007669647300001000800000aa00389b714d50454700001000800000aa00389b714d50473100001000800000aa00389b7100000000000000000000000000000000 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\ = "Bandicam MPEG-1 Video Decoder" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\ = "Bandicam MPEG-1 Audio Decoder" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32\ThreadingModel = "Both" regsvr32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1652 wrote to memory of 4588 1652 regsvr32.exe 84 PID 1652 wrote to memory of 4588 1652 regsvr32.exe 84 PID 1652 wrote to memory of 4588 1652 regsvr32.exe 84
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\LunacyLauncher\updater\bdfilters.dll1⤵
- Suspicious use of WriteProcessMemory
PID:1652 -
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\LunacyLauncher\updater\bdfilters.dll2⤵
- Modifies registry class
PID:4588
-