39056718c55d244307484d8d8bf5010d3b8fde194d288c7a4de6c63644405268

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 14:31

Target

LunarBoostrapper.exe
Size

85.3MB
MD5

8c7421292360dd2cdb61caf15795d5e3
SHA1

b453cb7027abf59ae02772f2867e3bc9ebf7ea4d
SHA256

39056718c55d244307484d8d8bf5010d3b8fde194d288c7a4de6c63644405268
SHA512

76972b36132aeade13a6a1df95a95023c11220e1c348a461f26419115025159015d871475ade333d3aebb7e845f9725bcc653d142a653d47cefda5728ebe7933
SSDEEP

1572864:tUbrPU1e4iamkhLDyPl4QiZoBnqf3Gd6xdnj+Y/5szQ7E7lZNCWg9uTdEb4:tUbr4e4iadhLDy943anyo6V/Tk7Cb9k7

Score

7^/10

upx

Loads dropped DLL 1 IoCs

Processes:

LunarBoostrapper.exe

pid process

2528 LunarBoostrapper.exe

pid	process
2528	LunarBoostrapper.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/memory/2948-0-0x000000013F950000-0x000000013F9BA000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI29482\python311.dll	upx
behavioral1/memory/2528-1288-0x000000013F950000-0x000000013F9BA000-memory.dmp	upx
behavioral1/memory/2528-1291-0x000000013F950000-0x000000013F9BA000-memory.dmp	upx
behavioral1/memory/2948-2576-0x000000013F950000-0x000000013F9BA000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

LunarBoostrapper.exe

description	pid	process	target process
PID 2948 wrote to memory of 2528	2948	LunarBoostrapper.exe	LunarBoostrapper.exe
PID 2948 wrote to memory of 2528	2948	LunarBoostrapper.exe	LunarBoostrapper.exe
PID 2948 wrote to memory of 2528	2948	LunarBoostrapper.exe	LunarBoostrapper.exe

C:\Users\Admin\AppData\Local\Temp\LunarBoostrapper.exe
"C:\Users\Admin\AppData\Local\Temp\LunarBoostrapper.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2948
- C:\Users\Admin\AppData\Local\Temp\LunarBoostrapper.exe
  "C:\Users\Admin\AppData\Local\Temp\LunarBoostrapper.exe"
  2⤵
  - Loads dropped DLL
  PID:2528

C:\Users\Admin\AppData\Local\Temp\_MEI29482\python311.dll

Filesize
1.6MB

MD5
9c8fef0940603bdacfab750356aa9e62

SHA1
53c12e3ed8aa7730841598d14fd4df963bfaef41

SHA256
fd22a75facf50a959692036f2118920c9816d84f8079d4bee23d143f4c43d5fc

SHA512
9c0e5cb947b9c342c87e6749a2d884adebaa9d4c556d3bf9fa9cc6ffd26f28728c6634ce8365d1dcbfe41c55dda65eda2087e4217a8d9c6880c286b26f08102f

Download Submit
memory/2528-1288-0x000000013F950000-0x000000013F9BA000-memory.dmp

Filesize
424KB

Download
memory/2528-1290-0x000007FEF61B0000-0x000007FEF6799000-memory.dmp

Filesize
5.9MB

Download
memory/2528-1291-0x000000013F950000-0x000000013F9BA000-memory.dmp

Filesize
424KB

Download
memory/2948-0-0x000000013F950000-0x000000013F9BA000-memory.dmp

Filesize
424KB

Download
memory/2948-1286-0x0000000000120000-0x000000000018A000-memory.dmp

Filesize
424KB

Download
memory/2948-2576-0x000000013F950000-0x000000013F9BA000-memory.dmp

Filesize
424KB

Download