Overview

overview

10

Static

static

3

3739266e1f...3d.exe

windows7-x64

10

3739266e1f...3d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    07/05/2024, 20:21

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3739266e1f38976ad890c6595dde6e398f7dec6fad52b9c5f77aad2853f0833d.exe

  • Size

    638KB

  • MD5

    1fdd8e8afb5238c0e160774f8b6a8e5b

  • SHA1

    7fa2fc7f6632b3ddadfc930959cf8e6401b7f0de

  • SHA256

    3739266e1f38976ad890c6595dde6e398f7dec6fad52b9c5f77aad2853f0833d

  • SHA512

    d48b8c2aca82ffb5b7f9e3f9cf53cf75b9c86fda6f06a46e5f1040f12f236f5adccd2076b027c914902e376f6307a948846c095c0ac048c4643f2cd661372884

  • SSDEEP

    12288:uZWg5P5RpcVpQjn8qadSWixuGEQVhz3SlEbshkKnUTcA9OX:Lg95REpQjHak9ufQHyvUA/

Score
10/10
luminositypersistencerat

Malware Config

Signatures

  • Luminosity

    Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.

    ratluminosity
  • Modifies WinLogon for persistence 2 TTPs 2 IoCs
    persistence
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3739266e1f38976ad890c6595dde6e398f7dec6fad52b9c5f77aad2853f0833d.exe
    "C:\Users\Admin\AppData\Local\Temp\3739266e1f38976ad890c6595dde6e398f7dec6fad52b9c5f77aad2853f0833d.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1712
    • C:\Users\Admin\AppData\Local\Temp\3739266e1f38976ad890c6595dde6e398f7dec6fad52b9c5f77aad2853f0833d.exe
      "C:\Users\Admin\AppData\Local\Temp\3739266e1f38976ad890c6595dde6e398f7dec6fad52b9c5f77aad2853f0833d.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: RenamesItself
      • Suspicious use of WriteProcessMemory
      PID:2216
      • C:\ProgramData\490145\sysmon.exe
        "C:\ProgramData\490145\sysmon.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:2572
        • C:\ProgramData\490145\sysmon.exe
          "C:\ProgramData\490145\sysmon.exe"
          4⤵
          • Modifies WinLogon for persistence
          • Executes dropped EXE
          • Adds Run key to start application
          • Drops file in System32 directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2476

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\ProgramData\490145\sysmon.exe
          Filesize

          638KB

          MD5

          1fdd8e8afb5238c0e160774f8b6a8e5b

          SHA1

          7fa2fc7f6632b3ddadfc930959cf8e6401b7f0de

          SHA256

          3739266e1f38976ad890c6595dde6e398f7dec6fad52b9c5f77aad2853f0833d

          SHA512

          d48b8c2aca82ffb5b7f9e3f9cf53cf75b9c86fda6f06a46e5f1040f12f236f5adccd2076b027c914902e376f6307a948846c095c0ac048c4643f2cd661372884

          Download Submit

        • memory/1712-3-0x0000000074AC0000-0x000000007506B000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/1712-1-0x0000000074AC0000-0x000000007506B000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/1712-2-0x0000000074AC0000-0x000000007506B000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/1712-22-0x0000000074AC0000-0x000000007506B000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/1712-0-0x0000000074AC1000-0x0000000074AC2000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2216-64-0x0000000002070000-0x0000000002087000-memory.dmp

          Filesize

          92KB

          Download

        • memory/2216-62-0x0000000002070000-0x0000000002087000-memory.dmp

          Filesize

          92KB

          Download

        • memory/2216-17-0x0000000000400000-0x0000000000462000-memory.dmp

          Filesize

          392KB

          Download

        • memory/2216-15-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2216-19-0x0000000000400000-0x0000000000462000-memory.dmp

          Filesize

          392KB

          Download

        • memory/2216-6-0x0000000000400000-0x0000000000462000-memory.dmp

          Filesize

          392KB

          Download

        • memory/2216-8-0x0000000000400000-0x0000000000462000-memory.dmp

          Filesize

          392KB

          Download

        • memory/2216-4-0x0000000000400000-0x0000000000462000-memory.dmp

          Filesize

          392KB

          Download

        • memory/2216-25-0x0000000074AC0000-0x000000007506B000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/2216-27-0x0000000074AC0000-0x000000007506B000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/2216-72-0x0000000074AC0000-0x000000007506B000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/2216-71-0x0000000002070000-0x0000000002087000-memory.dmp

          Filesize

          92KB

          Download

        • memory/2216-70-0x0000000074AC0000-0x000000007506B000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/2216-60-0x0000000002070000-0x0000000002087000-memory.dmp

          Filesize

          92KB

          Download

        • memory/2216-58-0x0000000002070000-0x0000000002087000-memory.dmp

          Filesize

          92KB

          Download

        • memory/2216-68-0x0000000002070000-0x0000000002087000-memory.dmp

          Filesize

          92KB

          Download

        • memory/2216-67-0x0000000002110000-0x0000000002111000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2216-65-0x0000000002110000-0x0000000002111000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2216-26-0x0000000074AC0000-0x000000007506B000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/2216-21-0x0000000000400000-0x0000000000462000-memory.dmp

          Filesize

          392KB

          Download

        • memory/2216-59-0x0000000002070000-0x0000000002087000-memory.dmp

          Filesize

          92KB

          Download

        • memory/2476-49-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2572-35-0x0000000074AC0000-0x000000007506B000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/2572-54-0x0000000074AC0000-0x000000007506B000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/2572-55-0x0000000074AC0000-0x000000007506B000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/2572-37-0x0000000074AC0000-0x000000007506B000-memory.dmp

          Filesize

          5.7MB

          Download