Overview

overview

7

Static

static

3

Lunar.exe

windows7-x64

7

Lunar.exe

windows10-2004-x64

7

troll.pyc

windows7-x64

3

troll.pyc

windows10-2004-x64

3

Analysis

  • max time kernel
    103s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    25-05-2024 22:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    troll.pyc

  • Size

    2KB

  • MD5

    f4c02d1f0a86849a1d6cdc0f996036d1

  • SHA1

    0eedd3a627bee8d321553f5d97978216490af2e5

  • SHA256

    a0a969ae358d472a5245fda0cccd062fd6a21e431356da6f6f8b55ccdd7982f8

  • SHA512

    dc11a264125f21932a95f67c89766cdfe8aaa96c027181a8901b58e11c1831332d487317af967786f13ed0a1939128522626cfe3476010b2d18bb4060b7f31be

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\troll.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\troll.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2516
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\troll.pyc"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        PID:2532

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    a429dfd97046a4c8c78914eab4a0df04

    SHA1

    8ac388cf0fd1fdc60e98be588e3426cb24b5ed54

    SHA256

    b575d43416db77cacbb35f60e4ad599b84e47b09c0d962bf48a6180fed819e1c

    SHA512

    e9cb220d221dcb7f81a5937391ef949fa2f2674fb3f7b819ff5704512f047f4ea6dcf5ea843e65acde8d28e6cf45a25473db47c5d0ed312ee76450d24bc309bf

    Download Submit