Overview
overview
7Static
static
3Lunar Engi...32.dll
windows7-x64
1Lunar Engi...32.dll
windows10-2004-x64
3Lunar Engi...64.dll
windows7-x64
1Lunar Engi...64.dll
windows10-2004-x64
1Lunar Engi...32.dll
windows7-x64
1Lunar Engi...32.dll
windows10-2004-x64
1Lunar Engi...64.dll
windows7-x64
1Lunar Engi...64.dll
windows10-2004-x64
1Lunar Engi...32.dll
windows7-x64
3Lunar Engi...32.dll
windows10-2004-x64
3Lunar Engi...64.dll
windows7-x64
1Lunar Engi...64.dll
windows10-2004-x64
1Lunar Engi...86.dll
windows7-x64
3Lunar Engi...86.dll
windows10-2004-x64
3Lunar Engi...64.dll
windows7-x64
1Lunar Engi...64.dll
windows10-2004-x64
1Lunar Engi...86.exe
windows7-x64
5Lunar Engi...86.exe
windows10-2004-x64
7Lunar Engi...X2.exe
windows7-x64
5Lunar Engi...X2.exe
windows10-2004-x64
7Lunar Engi...64.exe
windows7-x64
5Lunar Engi...64.exe
windows10-2004-x64
7Lunar Engi...ple.js
windows7-x64
3Lunar Engi...ple.js
windows10-2004-x64
3Lunar Engi...le.dll
windows7-x64
1Lunar Engi...le.dll
windows10-2004-x64
1Lunar Engi...sdk.js
windows7-x64
3Lunar Engi...sdk.js
windows10-2004-x64
3Lunar Engi...86.dll
windows7-x64
3Lunar Engi...86.dll
windows10-2004-x64
3Lunar Engi...64.dll
windows7-x64
1Lunar Engi...64.dll
windows10-2004-x64
1Analysis
-
max time kernel
144s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
24/06/2024, 19:14
Static task
static1
Behavioral task
behavioral1
Sample
Lunar Engine/libipt-32.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral2
Sample
Lunar Engine/libipt-32.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Lunar Engine/libipt-64.dll
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral4
Sample
Lunar Engine/libipt-64.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Lunar Engine/libmikmod32.dll
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral6
Sample
Lunar Engine/libmikmod32.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Lunar Engine/libmikmod64.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral8
Sample
Lunar Engine/libmikmod64.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Lunar Engine/lua53-32.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral10
Sample
Lunar Engine/lua53-32.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Lunar Engine/lua53-64.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral12
Sample
Lunar Engine/lua53-64.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Lunar Engine/luaclient-i386.dll
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral14
Sample
Lunar Engine/luaclient-i386.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Lunar Engine/luaclient-x86_64.dll
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral16
Sample
Lunar Engine/luaclient-x86_64.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Lunar Engine/lunarengine-i386.exe
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral18
Sample
Lunar Engine/lunarengine-i386.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Lunar Engine/lunarengine-x86_64-SSE4-AVX2.exe
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral20
Sample
Lunar Engine/lunarengine-x86_64-SSE4-AVX2.exe
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Lunar Engine/lunarengine-x86_64.exe
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral22
Sample
Lunar Engine/lunarengine-x86_64.exe
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Lunar Engine/plugins/c# template/CEPluginLibrary/PluginExample.js
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral24
Sample
Lunar Engine/plugins/c# template/CEPluginLibrary/PluginExample.js
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Lunar Engine/plugins/c# template/CEPluginLibrary/bin/Release/CEPluginExample.dll
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral26
Sample
Lunar Engine/plugins/c# template/CEPluginLibrary/bin/Release/CEPluginExample.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Lunar Engine/plugins/cepluginsdk.js
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral28
Sample
Lunar Engine/plugins/cepluginsdk.js
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Lunar Engine/speedhack-i386.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral30
Sample
Lunar Engine/speedhack-i386.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Lunar Engine/speedhack-x86_64.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral32
Sample
Lunar Engine/speedhack-x86_64.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
General
-
Target
Lunar Engine/lunarengine-i386.exe
-
Size
11.1MB
-
MD5
ab36097ea29667fdeffe1f844d7143fc
-
SHA1
8b2a00b2a70802918afc8e3c84295d0fc24bd7ab
-
SHA256
0b812e7d68077a48b8f008860936024d7bd4a7a2c321632eefaf418c4612dee5
-
SHA512
8c916e269d975d3dc17de579543bb5b966f325212eaa501fa7529b2161adac1dc88b4be3e1f1ff999e8de57bbd8cae7e35dea1ffdaa25047d0b1be8ff4077237
-
SSDEEP
196608:ylmIExvIWIuhQrJH1FmC0Was4xal/zPCGyp45tuYCHmuOZD:qmIExvHIuYPmWas4wCHpIQBmuOZD
Malware Config
Signatures
-
Drops file in System32 directory 53 IoCs
description ioc Process File opened for modification C:\Windows\syswow64\normaliz.DLL lunarengine-i386.exe File opened for modification C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.DLL lunarengine-i386.exe File opened for modification C:\Windows\syswow64\psapi.dll lunarengine-i386.exe File opened for modification C:\Windows\SysWOW64\propsys.dll lunarengine-i386.exe File opened for modification C:\Windows\syswow64\oleaut32.dll lunarengine-i386.exe File opened for modification C:\Windows\syswow64\CFGMGR32.dll lunarengine-i386.exe File opened for modification C:\Windows\syswow64\kernel32.dll lunarengine-i386.exe File opened for modification C:\Windows\SysWOW64\GLU32.dll lunarengine-i386.exe File opened for modification C:\Windows\SysWOW64\DDRAW.dll lunarengine-i386.exe File opened for modification C:\Windows\SysWOW64\DCIMAN32.dll lunarengine-i386.exe File opened for modification C:\Windows\syswow64\imagehlp.dll lunarengine-i386.exe File opened for modification C:\Windows\SysWOW64\uxtheme.dll lunarengine-i386.exe File opened for modification C:\Windows\SysWOW64\profapi.dll lunarengine-i386.exe File opened for modification C:\Windows\syswow64\msvcrt.dll lunarengine-i386.exe File opened for modification C:\Windows\syswow64\USP10.dll lunarengine-i386.exe File opened for modification C:\Windows\SysWOW64\dwmapi.dll lunarengine-i386.exe File opened for modification C:\Windows\SysWOW64\hhctrl.ocx lunarengine-i386.exe File opened for modification C:\Windows\syswow64\KERNELBASE.dll lunarengine-i386.exe File opened for modification C:\Windows\syswow64\DEVOBJ.dll lunarengine-i386.exe File opened for modification C:\Windows\syswow64\USER32.dll lunarengine-i386.exe File opened for modification C:\Windows\syswow64\ADVAPI32.dll lunarengine-i386.exe File opened for modification C:\Windows\syswow64\SspiCli.dll lunarengine-i386.exe File opened for modification C:\Windows\SysWOW64\msimg32.dll lunarengine-i386.exe File opened for modification C:\Windows\SysWOW64\DUser.dll lunarengine-i386.exe File opened for modification C:\Windows\SysWOW64\ntdll.dll lunarengine-i386.exe File opened for modification C:\Windows\syswow64\GDI32.dll lunarengine-i386.exe File opened for modification C:\Windows\syswow64\CRYPTBASE.dll lunarengine-i386.exe File opened for modification C:\Windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll lunarengine-i386.exe File opened for modification C:\Windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll lunarengine-i386.exe File opened for modification C:\Windows\syswow64\MSCTF.dll lunarengine-i386.exe File opened for modification C:\Windows\SysWOW64\sechost.dll lunarengine-i386.exe File opened for modification C:\Windows\syswow64\SETUPAPI.dll lunarengine-i386.exe File opened for modification C:\Windows\syswow64\comdlg32.dll lunarengine-i386.exe File opened for modification C:\Windows\syswow64\imm32.dll lunarengine-i386.exe File opened for modification C:\Windows\syswow64\CLBCatQ.DLL lunarengine-i386.exe File opened for modification C:\Windows\syswow64\wininet.dll lunarengine-i386.exe File opened for modification C:\Windows\SysWOW64\explorerframe.dll lunarengine-i386.exe File opened for modification C:\Windows\SysWOW64\opengl32.dll lunarengine-i386.exe File opened for modification C:\Windows\syswow64\iertutil.dll lunarengine-i386.exe File opened for modification C:\Windows\syswow64\ole32.dll lunarengine-i386.exe File opened for modification C:\Windows\SysWOW64\version.dll lunarengine-i386.exe File opened for modification C:\Windows\syswow64\SHLWAPI.dll lunarengine-i386.exe File opened for modification C:\Windows\syswow64\NSI.dll lunarengine-i386.exe File opened for modification C:\Windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll lunarengine-i386.exe File opened for modification C:\Windows\SysWOW64\DUI70.dll lunarengine-i386.exe File opened for modification C:\Windows\SysWOW64\shfolder.dll lunarengine-i386.exe File opened for modification C:\Windows\syswow64\RPCRT4.dll lunarengine-i386.exe File opened for modification C:\Windows\syswow64\shell32.dll lunarengine-i386.exe File opened for modification C:\Windows\syswow64\ws2_32.dll lunarengine-i386.exe File opened for modification C:\Windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll lunarengine-i386.exe File opened for modification C:\Windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll lunarengine-i386.exe File opened for modification C:\Windows\syswow64\LPK.dll lunarengine-i386.exe File opened for modification C:\Windows\SysWOW64\wsock32.dll lunarengine-i386.exe -
Drops file in Windows directory 1 IoCs
description ioc Process File opened for modification C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll lunarengine-i386.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of AdjustPrivilegeToken 15 IoCs
description pid Process Token: SeDebugPrivilege 3056 lunarengine-i386.exe Token: SeTcbPrivilege 3056 lunarengine-i386.exe Token: SeTcbPrivilege 3056 lunarengine-i386.exe Token: SeLoadDriverPrivilege 3056 lunarengine-i386.exe Token: SeCreateGlobalPrivilege 3056 lunarengine-i386.exe Token: 33 3056 lunarengine-i386.exe Token: SeSecurityPrivilege 3056 lunarengine-i386.exe Token: SeTakeOwnershipPrivilege 3056 lunarengine-i386.exe Token: SeManageVolumePrivilege 3056 lunarengine-i386.exe Token: SeBackupPrivilege 3056 lunarengine-i386.exe Token: SeCreatePagefilePrivilege 3056 lunarengine-i386.exe Token: SeShutdownPrivilege 3056 lunarengine-i386.exe Token: SeRestorePrivilege 3056 lunarengine-i386.exe Token: 33 3056 lunarengine-i386.exe Token: SeIncBasePriorityPrivilege 3056 lunarengine-i386.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 3056 lunarengine-i386.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 3056 wrote to memory of 2188 3056 lunarengine-i386.exe 28 PID 3056 wrote to memory of 2188 3056 lunarengine-i386.exe 28 PID 3056 wrote to memory of 2188 3056 lunarengine-i386.exe 28 PID 3056 wrote to memory of 2188 3056 lunarengine-i386.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\Lunar Engine\lunarengine-i386.exe"C:\Users\Admin\AppData\Local\Temp\Lunar Engine\lunarengine-i386.exe"1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3056 -
C:\Users\Admin\AppData\Local\Temp\Lunar Engine\Tutorial-i386.exe"C:\Users\Admin\AppData\Local\Temp\Lunar Engine\Tutorial-i386.exe"2⤵PID:2188
-