Analysis
max time kernel: 122s
max time network: 124s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 10/05/2024, 17:17
Behavioral task
behavioral1
Sample
luna.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
luna.exe
Resource
win10v2004-20240426-en
General
Target: luna.exe
Size: 31.9MB
MD5: 95178e9baece6c3ca37d61d9c150c24d
SHA1: 5e855b41290245c7cb3dfccdfbebf887f7bfac83
SHA256: 616d6444f37c7e64a365cf12e0778e1be4025e71acfe9168c57b6ee62dcab3d5
SHA512: bf484652812738d489742627eba0078e5e4f2a61488738fc7ff9657f1f4b9deeb292c228d7cf8b5f196805886e48d2b32a22d0f942291477294c78192e47dc64
SSDEEP: 786432:i2zzdQ4OHzeMKVxzx5cjQb9JC8eTs3/5:i2zzVOHzDCd5cjQbr+c5
Malware Config
Signatures
Loads dropped DLL (1 IoCs)
  pid: 2540, Process: luna.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid: 2540, Process: luna.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 1976 wrote to memory of 2540, pid: 1976, Process: luna.exe, procid_target: 28
  description: PID 1976 wrote to memory of 2540, pid: 1976, Process: luna.exe, procid_target: 28
  description: PID 1976 wrote to memory of 2540, pid: 1976, Process: luna.exe, procid_target: 28
Processes
C:\Users\Admin\AppData\Local\Temp\luna.exe "C:\Users\Admin\AppData\Local\Temp\luna.exe"
  - Suspicious use of WriteProcessMemory
  PID: 1976
  C:\Users\Admin\AppData\Local\Temp\luna.exe "C:\Users\Admin\AppData\Local\Temp\luna.exe"
    - Loads dropped DLL
    - Suspicious behavior: GetForegroundWindowSpam
    PID: 2540
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 5.5MB
MD5: a72993488cecd88b3e19487d646f88f6
SHA1: 5d359f4121e0be04a483f9ad1d8203ffc958f9a0
SHA256: aa1e959dcff75a343b448a797d8a5a041eb03b27565a30f70fd081df7a285038
SHA512: c895176784b9ac89c9b996c02ec0d0a3f7cd6ebf653a277c20dec104da6a11db084c53dd47c7b6653a448d877ad8e5e79c27db4ea6365ebb8ca2a78aa9c61b38