Overview

overview

6

Static

static

3

Lunar Clie....3.exe

windows10-2004-x64

4

Lunar Clie....3.exe

windows11-21h2-x64

6

Lunar Clie....3.exe

macos-10.15-amd64

Analysis

  • max time kernel
    1733s
  • max time network
    1574s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-02-2024 09:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Lunar Client v3.2.3.exe

  • Size

    1.0MB

  • MD5

    0814a485d44ded97e275e8e80f6c17ca

  • SHA1

    69862f6fb82651f3a097fe7554440537ea0f1a90

  • SHA256

    560b03c4ba18e5a443f74a69727db0eabac6f455bb836757d620cc51615a92ea

  • SHA512

    bd9abe5bd35d21bb57be9e757a6e7293f9e71738045fff6b53788e36bd442d1b8af21ea38a528ea0910434cc32ac610fbaf4200a6faf615828f47d8b74987dbd

  • SSDEEP

    24576:s2Oawk0MDhozjDu173pG1szLSvJwnHNiTWQC:MkPDhEjK73pfqvCHH

Score
4/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 41 IoCs
  • Suspicious use of SendNotifyMessage 40 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Lunar Client v3.2.3.exe
    "C:\Users\Admin\AppData\Local\Temp\Lunar Client v3.2.3.exe"
    1⤵
    • Loads dropped DLL
    PID:1728
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:796
  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:1356

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsn74F2.tmp\StdUtils.dll
    Filesize

    100KB

    MD5

    c6a6e03f77c313b267498515488c5740

    SHA1

    3d49fc2784b9450962ed6b82b46e9c3c957d7c15

    SHA256

    b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

    SHA512

    9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsn74F2.tmp\System.dll
    Filesize

    12KB

    MD5

    0d7ad4f45dc6f5aa87f606d0331c6901

    SHA1

    48df0911f0484cbe2a8cdd5362140b63c41ee457

    SHA256

    3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

    SHA512

    c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

    Download Submit

  • memory/796-22-0x000001BB44680000-0x000001BB44681000-memory.dmp

    Filesize

    4KB

    Download

  • memory/796-23-0x000001BB44680000-0x000001BB44681000-memory.dmp

    Filesize

    4KB

    Download

  • memory/796-15-0x000001BB44680000-0x000001BB44681000-memory.dmp

    Filesize

    4KB

    Download

  • memory/796-19-0x000001BB44680000-0x000001BB44681000-memory.dmp

    Filesize

    4KB

    Download

  • memory/796-20-0x000001BB44680000-0x000001BB44681000-memory.dmp

    Filesize

    4KB

    Download

  • memory/796-21-0x000001BB44680000-0x000001BB44681000-memory.dmp

    Filesize

    4KB

    Download

  • memory/796-13-0x000001BB44680000-0x000001BB44681000-memory.dmp

    Filesize

    4KB

    Download

  • memory/796-14-0x000001BB44680000-0x000001BB44681000-memory.dmp

    Filesize

    4KB

    Download

  • memory/796-24-0x000001BB44680000-0x000001BB44681000-memory.dmp

    Filesize

    4KB

    Download

  • memory/796-25-0x000001BB44680000-0x000001BB44681000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1356-34-0x00007FF68ED20000-0x00007FF68EE18000-memory.dmp

    Filesize

    992KB

    Download

  • memory/1356-35-0x00007FFCEBF00000-0x00007FFCEBF34000-memory.dmp

    Filesize

    208KB

    Download

  • memory/1356-36-0x00007FFCDB140000-0x00007FFCDB3F4000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/1356-37-0x00007FFCDA090000-0x00007FFCDB13B000-memory.dmp

    Filesize

    16.7MB

    Download