Analysis
-
max time kernel
141s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
27-05-2024 17:54
General
-
Target
Lunar Release.rar
-
Size
58.2MB
-
MD5
01aa98c288c78bd808619cbafb2bda83
-
SHA1
d83d784962fc80af5274e95dd3f00a5c36ceab04
-
SHA256
8e92c1465039a1582c52bd6c8e7a79b625c79cc19b6d79a2f8fd3977e363a111
-
SHA512
e6ae9b854e815d44f02dc6d2fb010ca8281d95c2fae685c74ca9495e2aec08f63513ac0715d90cf044c6dbe8a85828500e008c211d7a663b35cc7e471c05c246
-
SSDEEP
1572864:mIRRciDQutiv4I7Z5uVifsMNgt1LC6Ch4XGDdlmjx:mIRHXtiv4yuVX5n2B30x
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious use of FindShellTrayWindow 9 IoCs
-
Suspicious use of SendNotifyMessage 8 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Lunar Release.rar"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Lunar Release.rar2⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Lunar Release.rar3⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Lunar Release.rar"4⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2516-32-0x000007FEF5D50000-0x000007FEF5D84000-memory.dmpFilesize
208KB
-
memory/2516-31-0x000000013F130000-0x000000013F228000-memory.dmpFilesize
992KB
-
memory/2516-34-0x000007FEF6C10000-0x000007FEF6C28000-memory.dmpFilesize
96KB
-
memory/2516-35-0x000007FEF5940000-0x000007FEF5957000-memory.dmpFilesize
92KB
-
memory/2516-36-0x000007FEF5920000-0x000007FEF5931000-memory.dmpFilesize
68KB
-
memory/2516-37-0x000007FEF5900000-0x000007FEF5917000-memory.dmpFilesize
92KB
-
memory/2516-38-0x000007FEF58E0000-0x000007FEF58F1000-memory.dmpFilesize
68KB
-
memory/2516-39-0x000007FEF58C0000-0x000007FEF58DD000-memory.dmpFilesize
116KB
-
memory/2516-40-0x000007FEF58A0000-0x000007FEF58B1000-memory.dmpFilesize
68KB
-
memory/2516-33-0x000007FEF5A90000-0x000007FEF5D46000-memory.dmpFilesize
2.7MB
-
memory/2516-44-0x000007FEF4560000-0x000007FEF4581000-memory.dmpFilesize
132KB
-
memory/2516-50-0x000007FEF44A0000-0x000007FEF44B1000-memory.dmpFilesize
68KB
-
memory/2516-53-0x000007FEF43E0000-0x000007FEF4447000-memory.dmpFilesize
412KB
-
memory/2516-55-0x000007FEF4340000-0x000007FEF4351000-memory.dmpFilesize
68KB
-
memory/2516-54-0x000007FEF4360000-0x000007FEF43DC000-memory.dmpFilesize
496KB
-
memory/2516-52-0x000007FEF4450000-0x000007FEF4480000-memory.dmpFilesize
192KB
-
memory/2516-51-0x000007FEF4480000-0x000007FEF4498000-memory.dmpFilesize
96KB
-
memory/2516-49-0x000007FEF44C0000-0x000007FEF44DB000-memory.dmpFilesize
108KB
-
memory/2516-56-0x000007FEF42E0000-0x000007FEF4337000-memory.dmpFilesize
348KB
-
memory/2516-57-0x000007FEF42B0000-0x000007FEF42D8000-memory.dmpFilesize
160KB
-
memory/2516-48-0x000007FEF44E0000-0x000007FEF44F1000-memory.dmpFilesize
68KB
-
memory/2516-58-0x000007FEF4280000-0x000007FEF42A4000-memory.dmpFilesize
144KB
-
memory/2516-59-0x000007FEF4260000-0x000007FEF4278000-memory.dmpFilesize
96KB
-
memory/2516-47-0x000007FEF4500000-0x000007FEF4511000-memory.dmpFilesize
68KB
-
memory/2516-60-0x000007FEF4230000-0x000007FEF4253000-memory.dmpFilesize
140KB
-
memory/2516-46-0x000007FEF4520000-0x000007FEF4531000-memory.dmpFilesize
68KB
-
memory/2516-61-0x000007FEF4210000-0x000007FEF4221000-memory.dmpFilesize
68KB
-
memory/2516-62-0x000007FEF41F0000-0x000007FEF4202000-memory.dmpFilesize
72KB
-
memory/2516-45-0x000007FEF4540000-0x000007FEF4558000-memory.dmpFilesize
96KB
-
memory/2516-63-0x000007FEF79B0000-0x000007FEF79C1000-memory.dmpFilesize
68KB
-
memory/2516-43-0x000007FEF4590000-0x000007FEF45D1000-memory.dmpFilesize
260KB
-
memory/2516-42-0x000007FEF45E0000-0x000007FEF47EB000-memory.dmpFilesize
2.0MB
-
memory/2516-64-0x000007FEF7950000-0x000007FEF79A7000-memory.dmpFilesize
348KB
-
memory/2516-65-0x000007FEF7920000-0x000007FEF794F000-memory.dmpFilesize
188KB
-
memory/2516-66-0x000007FEF7900000-0x000007FEF7913000-memory.dmpFilesize
76KB
-
memory/2516-67-0x000007FEF31B0000-0x000007FEF31C1000-memory.dmpFilesize
68KB
-
memory/2516-71-0x000007FEF3080000-0x000007FEF3094000-memory.dmpFilesize
80KB
-
memory/2516-70-0x000007FEF30A0000-0x000007FEF30B1000-memory.dmpFilesize
68KB
-
memory/2516-69-0x000007FEF30C0000-0x000007FEF30D3000-memory.dmpFilesize
76KB
-
memory/2516-68-0x000007FEF30E0000-0x000007FEF31A5000-memory.dmpFilesize
788KB
-
memory/2516-75-0x000007FEF2DB0000-0x000007FEF2DFD000-memory.dmpFilesize
308KB
-
memory/2516-74-0x000007FEF2E00000-0x000007FEF2E42000-memory.dmpFilesize
264KB
-
memory/2516-73-0x000007FEF2E50000-0x000007FEF2E62000-memory.dmpFilesize
72KB
-
memory/2516-72-0x000007FEF2E70000-0x000007FEF3076000-memory.dmpFilesize
2.0MB
-
memory/2516-41-0x000007FEF47F0000-0x000007FEF58A0000-memory.dmpFilesize
16.7MB