Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    07/06/2024, 05:57 UTC

General

  • Target

    Luna-Grabber-main/options/Browsers.py

  • Size

    6KB

  • MD5

    91848f3d8e6ac6ccf90b83cfb87322cd

  • SHA1

    62632262210b6d13ebeefc36fdce92b011387868

  • SHA256

    1a9de3ad311b70cf37c3b6f1b9e77faaa38ca8b2e9e33046f824af2a20be1184

  • SHA512

    7b6d4db865e2383a6e27942302a4634018ffd933d9ba9d82c00b17ceec8ea3f68fcac0fbe756b2b00a00cbd4140385ef3b0f0734e18cd158feb4cf28b9aaaa5d

  • SSDEEP

    192:S8RI0pRHIG+abKcphGE3+OK1w81A7ln42:NRI0pRHIG+abKcph0w81A7K2

Score
3/10

Note on the score: the process tree below contains no Python interpreter. The .py file was passed to cmd.exe, handed to the "Open With" dialog (shell32.dll,OpenAs_RunDLL) and finally opened in Adobe Reader, so every signature listed here was raised by the shell and the viewer, not by the submitted script's own code.

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Luna-Grabber-main\options\Browsers.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2252
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Luna-Grabber-main\options\Browsers.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2596
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Luna-Grabber-main\options\Browsers.py"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2808
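The process tree above is the only evidence of what the sandbox actually did with the submitted script. The following is an added example, not code from the report or from the Luna-Grabber project: it transcribes the three processes and their attributed signatures as constructed data, walks the parent links, and decides whether the target was executed by an interpreter or merely opened by a viewer after the Open With fallback. The list of interpreter image names is an assumption of the example.

```python
import re

# Process tree transcribed from the report above: (pid, parent pid, command line).
# The root cmd.exe has no parent shown on the page, so its parent is recorded as 0.
PROCESSES = [
    (2252, 0,
     r'cmd /c C:\Users\Admin\AppData\Local\Temp\Luna-Grabber-main\options\Browsers.py'),
    (2596, 2252,
     r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL '
     r'C:\Users\Admin\AppData\Local\Temp\Luna-Grabber-main\options\Browsers.py'),
    (2808, 2596,
     r'"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" '
     r'"C:\Users\Admin\AppData\Local\Temp\Luna-Grabber-main\options\Browsers.py"'),
]

# Behavioural signatures exactly as the report attributes them to each PID.
SIGNATURES = {
    2252: ["Suspicious use of WriteProcessMemory"],
    2596: ["Modifies registry class", "Suspicious use of WriteProcessMemory"],
    2808: ["Suspicious behavior: GetForegroundWindowSpam",
           "Suspicious use of SetWindowsHookEx"],
}

# Image names that would actually interpret a .py file (assumed list, not from the page).
INTERPRETERS = {"python.exe", "pythonw.exe", "py.exe"}


def image_name(cmdline):
    """Return the lower-cased basename of the executable at the start of a command line."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', cmdline)
    exe = m.group(1) or m.group(2)
    return exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def lineage(processes, pid):
    """Walk parent links from pid up to the root, returning the chain of PIDs."""
    by_pid = {p: (ppid, cmd) for p, ppid, cmd in processes}
    chain = []
    while pid in by_pid:
        chain.append(pid)
        pid = by_pid[pid][0]
    return chain


def assess_execution(processes, signatures, target):
    """Decide whether `target` was run by an interpreter or only opened by a viewer."""
    target_l = target.lower()
    # Every process whose command line references the target file, in tree order.
    handlers = [(pid, cmd) for pid, _, cmd in processes if target_l in cmd.lower()]
    images = [image_name(cmd) for _, cmd in handlers]
    # shell32.dll,OpenAs_RunDLL is the "Open With" dialog: no registered handler existed.
    open_with = any("openas_rundll" in cmd.lower() for _, cmd in handlers)
    interpreter_pids = [pid for (pid, _), img in zip(handlers, images) if img in INTERPRETERS]
    # Only signatures raised by an interpreter process can be blamed on the script itself.
    attributable = [s for pid in interpreter_pids for s in signatures.get(pid, [])]
    leaf_pid = handlers[-1][0] if handlers else None
    return {
        "handlers": images,
        "open_with_fallback": open_with,
        "interpreter_seen": bool(interpreter_pids),
        "final_handler": images[-1] if images else None,
        "lineage": lineage(processes, leaf_pid) if leaf_pid else [],
        "signatures_from_script": attributable,
        "verdict": "executed" if interpreter_pids else "not executed (opened by viewer only)",
    }


if __name__ == "__main__":
    for key, value in assess_execution(PROCESSES, SIGNATURES, "Browsers.py").items():
        print(f"{key}: {value}")
```

Run against the report's tree, the check finds the handlers cmd, rundll32.exe and acrord32.exe, flags the Open With fallback, attributes no signature to the script's own code, and returns the verdict "not executed". The same function can be pointed at any sandbox process list where the submitted file is a script rather than a PE, which is the case in which a low score most often means "never ran" rather than "benign".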

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    37c6ef18b30feba22af74508151017c0

    SHA1

    1a82e9785f4fa5f98812fa98cceaafaa68644fa2

    SHA256

    ad8a4880656fd06c2ee999d06a3781e844d81fc46c70d8419bb5bb1b6d60fa51

    SHA512

    10c0e7931dd8a324b1c16edcca85a4c5eef2130d73cbb39c455cf226d47bcf679863a3335b1998da2bc72bdcecad8943a2d38582326ca2a1fb527928eeabce38
