13cebe731404aa3ea7b4cdba0c306008c9c69e2ae9a65646f2a3b0c13fe3c61e

General

Target

lumicore.exe
Size

6.8MB
MD5

e5e662cfaf5bee45eeaa8681d005d4b8
SHA1

a556ec8f8e5dbd6d7afe5f76795bb2a832cea68e
SHA256

13cebe731404aa3ea7b4cdba0c306008c9c69e2ae9a65646f2a3b0c13fe3c61e
SHA512

4cde7389724caefaee18cf03355cd97f17e53ecc7caafbf33dde03cc69135fcf8d294c99959d30a80a70cb54cc670e485f9574cce4d77660127a9042b9cdf361
SSDEEP

98304:eeD6W2Xl0mnAvBBBCAj39H4twW2O+E7nsLFpD0p94V8NjVf7/vlAZRAD2EbYt8YR:v51vBBN5YtwWpbtLN7VeE2EPYQi

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 4 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x000100000002aa6b-29.dat	acprotect
behavioral1/files/0x000100000002aa5e-35.dat	acprotect
behavioral1/files/0x000100000002aa60-37.dat	acprotect
behavioral1/files/0x000100000002aa68-40.dat	acprotect

Loads dropped DLL 5 IoCs

pid	Process
3148	lumicore.exe
3148	lumicore.exe
3148	lumicore.exe
3148	lumicore.exe
3148	lumicore.exe

UPX packed file 15 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000100000002aa6b-29.dat	upx
behavioral1/memory/3148-33-0x00000000749F0000-0x0000000074DAC000-memory.dmp	upx
behavioral1/files/0x000100000002aa5e-35.dat	upx
behavioral1/memory/3148-38-0x0000000074940000-0x0000000074960000-memory.dmp	upx
behavioral1/files/0x000100000002aa60-37.dat	upx
behavioral1/memory/3148-41-0x0000000074930000-0x000000007493D000-memory.dmp	upx
behavioral1/files/0x000100000002aa68-40.dat	upx
behavioral1/memory/3148-43-0x0000000074730000-0x000000007492E000-memory.dmp	upx
behavioral1/memory/3148-47-0x0000000074730000-0x000000007492E000-memory.dmp	upx
behavioral1/memory/3148-46-0x0000000074930000-0x000000007493D000-memory.dmp	upx
behavioral1/memory/3148-44-0x00000000749F0000-0x0000000074DAC000-memory.dmp	upx
behavioral1/memory/3148-99-0x0000000074730000-0x000000007492E000-memory.dmp	upx
behavioral1/memory/3148-98-0x0000000074930000-0x000000007493D000-memory.dmp	upx
behavioral1/memory/3148-97-0x0000000074940000-0x0000000074960000-memory.dmp	upx
behavioral1/memory/3148-96-0x00000000749F0000-0x0000000074DAC000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: 35	3148	lumicore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 3148	2732	lumicore.exe	79
PID 2732 wrote to memory of 3148	2732	lumicore.exe	79
PID 2732 wrote to memory of 3148	2732	lumicore.exe	79

C:\Users\Admin\AppData\Local\Temp\lumicore.exe
"C:\Users\Admin\AppData\Local\Temp\lumicore.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Users\Admin\AppData\Local\Temp\lumicore.exe
  "C:\Users\Admin\AppData\Local\Temp\lumicore.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:3148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI27322\VCRUNTIME140.dll

Filesize
84KB

MD5
ae96651cfbd18991d186a029cbecb30c

SHA1
18df8af1022b5cb188e3ee98ac5b4da24ac9c526

SHA256
1b372f064eacb455a0351863706e6326ca31b08e779a70de5de986b5be8069a1

SHA512
42a58c17f63cf0d404896d3b4bb16b2c9270cc2192aa4c9be265ed3970dfc2a4115e1db08f35c39e403b4c918be4ed7d19d2e2e015cb06b33d26a6c6521556e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27322\_ctypes.pyd

Filesize
48KB

MD5
51b99c654924f9a942e68f022040f03e

SHA1
0ed11742a5faa496d2eecc1edde07881ee1c9417

SHA256
e4c2da7d3d6a28dd98a2ad3db5f01be6a4326c743a2a933f41de97ee39da5242

SHA512
bbc6949e9a36bf4f49b9deaeb061063c5982884e9390e9877d4e6544c737ae18d127f12e810bdd93446f5af4411e21c62a80418df2ea95a07f1beb237f0f62cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27322\_hashlib.pyd

Filesize
21KB

MD5
99d6ce6e40c82fc6d95e34680d8d8183

SHA1
0f21501e29b840a0433c5c48e85f8b59d00c77d9

SHA256
f05ffe068ef43e1b6b6748f23f016195deb938d309a5246f65f048eda6cef92f

SHA512
2dc84beb29e657c92c138a2748ebd72f831d6c665f0d51cc3b060c4b4fb665127fece2ac83c6bcde21fee7208d9d1b66b2c3f1967f8beb9f60a2a0b1d37579ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27322\base_library.zip

Filesize
994KB

MD5
48123883603eb89419b9812a52e2a0a9

SHA1
baf8042fd896424804a977dfe4e48d6e0acd445f

SHA256
7cb0a3552fd70948b1664432e442d601d7d2a446b9163aaa1e79eaf1307b7f8e

SHA512
d497f8022435a76e45ef034fb5964d1d38ab32d4c100101a77689d5de85615732f9ac640a89a4c21d61c5bb3ed7d3d8b22379fa4a643fec35100134bad9ad8fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27322\libcrypto-1_1.dll

Filesize
629KB

MD5
9afc099740cf6558b62b1fe99a2c43ae

SHA1
b69f2680219371f741f3accdb366f201ed904ffd

SHA256
bb157d7847b105ee48305f8c28988aad917931d67b87f408fa8c3c7b98269d39

SHA512
fc02dc0c73170b61dbe991948e650df59779c3abcd23c257e1e6e5945718b82eda0ef12c8d3360de719076ecb32e8dfa9f370486fa009f035d1454c9c83ed5cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27322\python37.dll

Filesize
1.1MB

MD5
bcffe6f87862ac4e87fbd502cea6c902

SHA1
a99caa5d2f8e4f3be07a5c411f53b6320b168624

SHA256
fbb7d5e890b2a224be4e2c8b19ab1851095ec43f27e05d26ec09e47769aac1f8

SHA512
bf039cd9fac2b1f5120de7c59875ea1813c181464e75a3e6cc7a2ffec2aab1e8f123d47f368062737445ea8c3848d537f8cae1a63fc6ef6c716c98f847d32517

Download Submit
memory/3148-38-0x0000000074940000-0x0000000074960000-memory.dmp

Filesize
128KB

Download
memory/3148-33-0x00000000749F0000-0x0000000074DAC000-memory.dmp

Filesize
3.7MB

Download
memory/3148-41-0x0000000074930000-0x000000007493D000-memory.dmp

Filesize
52KB

Download
memory/3148-43-0x0000000074730000-0x000000007492E000-memory.dmp

Filesize
2.0MB

Download
memory/3148-47-0x0000000074730000-0x000000007492E000-memory.dmp

Filesize
2.0MB

Download
memory/3148-46-0x0000000074930000-0x000000007493D000-memory.dmp

Filesize
52KB

Download
memory/3148-44-0x00000000749F0000-0x0000000074DAC000-memory.dmp

Filesize
3.7MB

Download
memory/3148-99-0x0000000074730000-0x000000007492E000-memory.dmp

Filesize
2.0MB

Download
memory/3148-98-0x0000000074930000-0x000000007493D000-memory.dmp

Filesize
52KB

Download
memory/3148-97-0x0000000074940000-0x0000000074960000-memory.dmp

Filesize
128KB

Download
memory/3148-96-0x00000000749F0000-0x0000000074DAC000-memory.dmp

Filesize
3.7MB

Download

Analysis

Sharing