Overview

overview

5

Static

static

3

LC 1.3.1.rar

windows7-x64

3

LC 1.3.1.rar

windows10-2004-x64

3

LC 1.3.1/C....1.jar

windows7-x64

1

LC 1.3.1/C....1.jar

windows10-2004-x64

1

LC 1.3.1/L...re.dll

windows7-x64

3

LC 1.3.1/L...re.dll

windows10-2004-x64

5

LC 1.3.1/L...ui.dll

windows7-x64

3

LC 1.3.1/L...ui.dll

windows10-2004-x64

3

LC 1.3.1/L...rk.dll

windows7-x64

3

LC 1.3.1/L...rk.dll

windows10-2004-x64

3

LC 1.3.1/L...vg.dll

windows7-x64

1

LC 1.3.1/L...vg.dll

windows10-2004-x64

3

LC 1.3.1/L...ts.dll

windows7-x64

1

LC 1.3.1/L...ts.dll

windows10-2004-x64

3

LC 1.3.1/L...cs.jar

windows7-x64

1

LC 1.3.1/L...cs.jar

windows10-2004-x64

1

LC 1.3.1/L...er.dll

windows7-x64

1

LC 1.3.1/L...er.dll

windows10-2004-x64

1

LC 1.3.1/L...on.dll

windows7-x64

1

LC 1.3.1/L...on.dll

windows10-2004-x64

1

LC 1.3.1/L...if.dll

windows7-x64

1

LC 1.3.1/L...if.dll

windows10-2004-x64

1

LC 1.3.1/L...co.dll

windows7-x64

1

LC 1.3.1/L...co.dll

windows10-2004-x64

1

LC 1.3.1/L...eg.dll

windows7-x64

1

LC 1.3.1/L...eg.dll

windows10-2004-x64

1

LC 1.3.1/L...vg.dll

windows7-x64

1

LC 1.3.1/L...vg.dll

windows10-2004-x64

1

LC 1.3.1/L...64.dll

windows7-x64

3

LC 1.3.1/L...64.dll

windows10-2004-x64

3

LC 1.3.1/L...-1.dll

windows7-x64

3

LC 1.3.1/L...-1.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    152s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/07/2023, 15:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LC 1.3.1/Lunar Client Qt 1.3.1/Qt5Core.dll

  • Size

    7.8MB

  • MD5

    f38f9d503157c6b2401801f9572fd048

  • SHA1

    52f999e93532349d0fca73f49e7a4e987b4a5e1f

  • SHA256

    858abb9ddcb3cd4fa15c01d3cd64ff4371a79516b02bc3df20590a82161fba55

  • SHA512

    c31966139cb1d5df66ea5cfde65b09449d5f25d5c4fc146cd44f0e0124e8106eef124fc40e2522aaee571e4685e605ebbcab8305a23d00ab9d7828c70a7f1be3

  • SSDEEP

    196608:N84evpspTjPCixOJsv6tWKFdu9CUGSFj+p:NNevpIT2TJsv6tWKFdu9C4g

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 3 IoCs
  • Program crash 1 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\LC 1.3.1\Lunar Client Qt 1.3.1\Qt5Core.dll",#1
    1⤵
      PID:3652
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -u -p 3652 -s 480
        2⤵
        • Program crash
        PID:4504
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -pss -s 424 -p 3652 -ip 3652
      1⤵
        PID:4420
      • C:\Windows\System32\svchost.exe
        C:\Windows\System32\svchost.exe -k netsvcs -p
        1⤵
        • Drops file in System32 directory
        PID:3888

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\wsuDB9B.tmp
        Filesize

        14KB

        MD5

        c01eaa0bdcd7c30a42bbb35a9acbf574

        SHA1

        0aee3e1b873e41d040f1991819d0027b6cc68f54

        SHA256

        32297224427103aa1834dba276bf5d49cd5dd6bda0291422e47ad0d0706c6d40

        SHA512

        d26ff775ad39425933cd3df92209faa53ec5b701e65bfbcccc64ce8dd3e79f619a9bad7cc975a98a95f2006ae89e50551877fc315a3050e48d5ab89e0802e2b7

        Download Submit

      • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
        Filesize

        29KB

        MD5

        9f7e04ee74b8b1ea3c3a0539db67bcfb

        SHA1

        c8300369667151cc93870db47aa4b3f905683194

        SHA256

        740d45049a3489026e3f67f33e769df5e1671041b75cfd767d2548326b955c4f

        SHA512

        ec2dfe253bebde4445446336b7eb49c01c8cf0710d85c6f65640a3f555645628dbdab080876d6f96723e9851504fc51e6e6098ca14ccc8a855007b580c8202f3

        Download Submit

      • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
        Filesize

        29KB

        MD5

        4962670fae25b399822522967b5c2e06

        SHA1

        1fdc10b9d20e934143d0f84728673c19a71b7db3

        SHA256

        f1772bc3036cdac3ffafcd926c04e819346a3beb85ceb6a20f8fd087abab7fb4

        SHA512

        553fea291b03bac5f8911e4f5339901104a9de4cf5be1db4b6d13f2b0a2e72dd65557ab8ef2f417f0f78951d84aa7a6adc452e7841fffbb1cd64f3865ae16adf

        Download Submit

      • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
        Filesize

        29KB

        MD5

        4535a62b33725f85d0a79367bd6a2d98

        SHA1

        daa683f2d567a02ab45e9fd607e78bd4a9feb7b3

        SHA256

        b8f9fced587e17d7fe87f1561c4ef611620f871c463b9739fc8924f203c2e70c

        SHA512

        6512c6f73cf57b208cb4ba355a23726d909f319e1a8d4e6fcfe647dba10d5bb8bc5ff55951e858563fc6a0ce1ba75ebbac2781db901080d61f545074936049e8

        Download Submit

      • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
        Filesize

        29KB

        MD5

        037e12a86f9d3fb41cabacf7dbc71743

        SHA1

        8c8ccb6e60d15cf0c7eb007c02e5d58a36792920

        SHA256

        4738b892e2001ae4042318d2969f1d6d02bbf54f64f0a6864443a5b7abb39fa2

        SHA512

        1baf059c658f63ef16207102cfa452bac5c134e3d28a372b35b3f0def732e68b6916decd827f5b46d4ffdb4764a372fbd7dbbadb5b79e547072f7f4324986f4d

        Download Submit

      • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
        Filesize

        29KB

        MD5

        53497d69d12c3a53f51ff751481b2535

        SHA1

        2f8ab4bd9d8c709691b8237f02a499fe94464610

        SHA256

        ccff51a6af788bee58d897f4aedec0945e3ff282c10cf66f8dcb9603ff164d89

        SHA512

        3238c14a7afc8bf8076cd92a65f3cbcbd8358a6b3f61c3a5c7928844eb51d646bd59384caa377be38e47460165499e07a1e93d848082ab17987955f9daf685e6

        Download Submit

      • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
        Filesize

        29KB

        MD5

        8ae76319e067d18abc271fb23bfa439e

        SHA1

        f25556488f02fa81cf32dc641e6b5d703bc736aa

        SHA256

        f4ee4d21ec293c44a629cf385349e8800d6610d88943f2962ff886aeed6930a4

        SHA512

        5372001465bb33dec3c0b81c8dbe431714412a5647eabd7ea72c136ca689d621dde086fb2a25b2e71aee2a5adfe50e94b5a78a3c441d8720fa602c37d195a93e

        Download Submit

      • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
        Filesize

        29KB

        MD5

        78244d006e062bd2476276be3fc423aa

        SHA1

        0fcc6f54b875ff411b848f348b4c94753a813221

        SHA256

        aa310337661b19cfd74550bb85dbb3f3d051bd8bcb3d6c82ba20f05cc7bed43b

        SHA512

        ca05a59cd1e0911174f91699816f547bd31c8eced4f6b720bfb689a77010f3542ea637b4bb31e42055a6599cd287e3ed70b3f6c0342a917bdcc547ae1e58f84a

        Download Submit

      • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
        Filesize

        29KB

        MD5

        3833b9b0858c79dbb964cadaa0b9a8e2

        SHA1

        7b2f6c1f75ecea2a8474ed406c5c2b9c04493b8c

        SHA256

        e9914cdcc4556e91e0998bf2a47209524e80693703138383788c48a086f5f597

        SHA512

        8131d19eccd4c3c16ecc7436d61c31d70dfccc2c2d3d3a4a28587d1dbd3a8ee3ac3b1d64e04c0e810c02672dd518685fc7a9dd207be7a84c6a5cbaa29e29e629

        Download Submit

      • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
        Filesize

        29KB

        MD5

        86edbd9be6cfffe31f0691f0a9e6f968

        SHA1

        05e6fd2d5b10f13d0deea9ab18621810dddb188d

        SHA256

        4409a945e6f1cab84d977ffa69dbe9a170d7bf1aefd8242012879ba7d9119b08

        SHA512

        75a3da72b9f265fb2ff5d4c2f2ac8d91a4127b1f076563cb975db4a6cdb4832a2a35d72128c4c417bb63c6eff9c0ae93db2091d506e98d9902eddc0ab0c8d535

        Download Submit

      • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
        Filesize

        29KB

        MD5

        efb876a1f2b4b7aba9c219fc50cd6bee

        SHA1

        f8aec9d887b0f36a6c29b53d7b96d8865a54eff3

        SHA256

        7d290568b136c504072358c5d35854725128e9fb9ad59a12f2c5f2dd06f6785f

        SHA512

        01ed7260f85db5c5f80a6662d6bc98c66ab42e7df2179f4129e5de9b8620901163473ec6d7fa5b2d338f13d81a1232edae2a6b5cdb636c03217268f47e1b0ef6

        Download Submit

      • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
        Filesize

        29KB

        MD5

        bb2f93bad694cbdfc406ca80b38841e7

        SHA1

        37981c4539f0d9658812b76af8b74c2f2e881faf

        SHA256

        15a39f4a1c4c46d976fc8d112b6110f2994a9101598cfa03f9bbca4fb42d3e13

        SHA512

        03cdb9a03217f884271bef79f3395584b9a144777f69870bbaece5c4beb0bd27a92ee63d99638a1750db3942956ad96227a251d23827b3726172a6e1f2447f77

        Download Submit

      • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
        Filesize

        29KB

        MD5

        c6b9afaa50edb9681454f1e2b6f048fa

        SHA1

        f058094baa81a78dba0d6d161a23f3f01be63ff5

        SHA256

        796ff4da795a54c7732df4196ea8edea27ced610cd021450db093cd17692d367

        SHA512

        0a23f559bbf46f61d1135aa49caf414efd011db818d771baab50fdbb96a33b489197bc88b7b10869330d41ec2c037c2be4d734b333617cfc5d41027df36e4c3e

        Download Submit

      • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
        Filesize

        29KB

        MD5

        22fb219d197cd97147edf9fe1b214259

        SHA1

        e4c75b61c51bef4d1745e1cdd3f05c864dd00d5e

        SHA256

        3a9fe56cb31c8678a3e3630cc96585604c16e3cb6f8279157f23cea3278b6f3e

        SHA512

        bd5b7a69e3ff7e06a11449e4fc12b4b799eb5a403dde1f20d9192f5b7f8c52864b2052cc47750e0e2c09e60c412a42cdd93673564888e0bf11692efe8da7188e

        Download Submit

      • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
        Filesize

        29KB

        MD5

        2b633c89d6935e604ba1c20530cb0db7

        SHA1

        520d79fd603d7df39801e4d5bcad9914fa18d2a0

        SHA256

        b8712c626454f204d4f041244ed84b62574d7eeada11c2c83fc3ddd3f640b4b5

        SHA512

        3bc26ac1051702bed470df57b029681fcef99c5ca1f9e249e3d78f240dbad0eedc4dceb398f7161cf0ab1d7be56e15cef10d90bc4e614f58cf3ab353af69fc99

        Download Submit

      • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
        Filesize

        29KB

        MD5

        d8380f1c3b80385bf5a41465f1240360

        SHA1

        2fc9e8174577526596e61c345394bef5e832a333

        SHA256

        63bbf5a49153fa34119a600cfda3103a15b6ca8bb35353900cf88fd5e5b86407

        SHA512

        37c0ae2a768b695645ac804aed6e61b1b4dd1526fe756703a572a399c51313cd81c9e9d79bb893437fa2cf208feb5b7b161d032352ff41352963cbc6ea9b7e0f

        Download Submit

      • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
        Filesize

        29KB

        MD5

        c32a86d1b1071fdb8d7954dad79eaede

        SHA1

        1b048c1a7860c1c606b3474d4b602cd6403d1b17

        SHA256

        324c66e3eb08ecd7123a4653d62a1eac2f538f9161f145c39535fb14d1824d9f

        SHA512

        646fb8f47d069bc0209d7fbba7eecf4f867659ec863ca3d0073ad4872fe56f1195a6436559671a7b95a1c6bb812fc8f55001a32e96d07bbe0fb57e4498edde6e

        Download Submit

      • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
        Filesize

        29KB

        MD5

        e5233fb1e2c0cd70e7bbe55d40e2e607

        SHA1

        c8b6d742326515a9e7aa64428981ba669c378496

        SHA256

        6fbcc593106f71960c6a5e4a6ccc70466394c44b84bf0ed65b7d350d5ccac8e3

        SHA512

        5609cc18fb9a8dd250a5ebb6733b5352832c4f8f67bd35528be027b4671fe97a6387f012fe7aa80beb825cb8506b28b3b067ca3bcad0b936a1ddd2579f0435ae

        Download Submit

      • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
        Filesize

        29KB

        MD5

        dc48b3c98e480d8692cb8f8a870d5807

        SHA1

        7ef1a58f8eef5023a4a5724eb635e34891687e97

        SHA256

        b5c4f092e9b8a307a7597cda4e5ef6c6f0aee95178042c9ee46a26b96fbad251

        SHA512

        64db6831b0163cc0784f7ded7c83bfb34290e50b070a8a4528fcbb067de5bdc84dd5354ca7a483e6dbdd589576037586872a102671aec3356d2f3001740e8f9f

        Download Submit

      • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
        Filesize

        29KB

        MD5

        239ab46c066dfa29329fd4a21a1e719c

        SHA1

        261d5dd352442ed8d480fc43fc7ea1e159dc6799

        SHA256

        db1b6b70bddc1b61d710db28472295cfcaa9f4556147d5851e2716708d6f202d

        SHA512

        6fccbd01055bba4a55cb3b0c05a1c741792a5dda91e2e109f65ea7b030201f3b1c124441505553ab0fef3086faa167e5ef5166e7094d184d747894fb00e4d442

        Download Submit

      • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
        Filesize

        29KB

        MD5

        16b2bf6bca3d6da35b379021526bdc66

        SHA1

        ec8171e2c0b153e9644eb4026a315750ad1f7acb

        SHA256

        974dc00d962d80ee8aa0d6ff31064f8c043d75ec008d1665cac75d3aa4867b59

        SHA512

        1963392fdc89e06ac6e74c238842c135187cd700ef00cefef95d074c5b81c656d2e80a9aa1f8e59710c2df3fae88b293d9f144964ca80445b1feb41c34e46daf

        Download Submit

      • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
        Filesize

        29KB

        MD5

        0add50689bf76d50c13e9ab4d05f0842

        SHA1

        453585641a83ec3271ee59799df95ea521f8c9e6

        SHA256

        97fa24b40ede73f31b01872ff5bc7061da03debed8580635a1388bd452f6bf4d

        SHA512

        c0ec146c9ad30246dc3faf1d81cd5dcf541b166cb41960b8f74a3e12c4808cc7323cce2f9c0dc36fe9335987777d713771161012f47d454574c2511b5a4a101e

        Download Submit

      • memory/3652-133-0x0000000068880000-0x0000000068EB9000-memory.dmp

        Filesize

        6.2MB

        Download

      • memory/3652-134-0x00007FFE60120000-0x00007FFE60142000-memory.dmp

        Filesize

        136KB

        Download

      • memory/3652-135-0x00007FFE66060000-0x00007FFE66076000-memory.dmp

        Filesize

        88KB

        Download

      • memory/3652-136-0x00007FFE51190000-0x00007FFE51383000-memory.dmp

        Filesize

        1.9MB

        Download