Overview

overview

6

Static

static

1

Luna-Grabb...64.exe

windows7-x64

4

Luna-Grabb...64.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    841s
  • max time network
    843s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    27/06/2024, 19:41

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Luna-Grabber-main/python-3.10.9-amd64.exe

  • Size

    27.6MB

  • MD5

    dce578fe177892488cadb6c34aea58ee

  • SHA1

    e562807ddd0bc8366d936ce72684ce2b6630e297

  • SHA256

    b8c707fb7a3a80f49af5a51c94f428525a3ad4331c7b9e3b2e321caf5cb56d7d

  • SHA512

    8858aa7e82ca8cf559eeb25c14d86d24637a86e64c8db7465c99d05558ce3c67cea18d68abdfbe3df08cdbedfca5f819aa7fd8e57beae2054a7f7a8a64c04b41

  • SSDEEP

    393216:rLQzCSAmQThdbDLP4+pG+ynEuB2EdPJPSmZ7SCZtnfhk1pACJ+DH5dTLwUTmhU+3:rqCLPxpG+tRKPJPSu7rkphcDnwhC7i

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Luna-Grabber-main\python-3.10.9-amd64.exe
    "C:\Users\Admin\AppData\Local\Temp\Luna-Grabber-main\python-3.10.9-amd64.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1036
    • C:\Windows\Temp\{F7943D3A-1663-4F74-A425-7050B008494F}\.cr\python-3.10.9-amd64.exe
      "C:\Windows\Temp\{F7943D3A-1663-4F74-A425-7050B008494F}\.cr\python-3.10.9-amd64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\Luna-Grabber-main\python-3.10.9-amd64.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2028

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\Temp\{651B7EEE-7875-41F2-9BE7-9A0A0D588B3D}\.ba\SideBar.png
          Filesize

          50KB

          MD5

          888eb713a0095756252058c9727e088a

          SHA1

          c14f69f2bef6bc3e2162b4dd78e9df702d94cdb4

          SHA256

          79434bd1368f47f08acf6db66638531d386bf15166d78d9bfea4da164c079067

          SHA512

          7c59f4ada242b19c2299b6789a65a1f34565fed78730c22c904db16a9872fe6a07035c6d46a64ee94501fbcd96de586a8a5303ca22f33da357d455c014820ca0

          Download Submit

        • \Windows\Temp\{651B7EEE-7875-41F2-9BE7-9A0A0D588B3D}\.ba\PythonBA.dll
          Filesize

          650KB

          MD5

          64d1e3b44bfce17b6a43e9ca200bfaa2

          SHA1

          2617a95208a578c63653b76506b27e36a1ee6bba

          SHA256

          c016025b6e3c1335eef8f544cb88a948d7c785fd5247b994c8ec91a4fce5f899

          SHA512

          002fcb10e7aec037eee5acdbdc20719f10147917330f769943e4342d99a9596df5f09c039be5a8daa871062bf4c7263ae4d6582f971ced570c85abcbea87cc77

          Download Submit

        • \Windows\Temp\{F7943D3A-1663-4F74-A425-7050B008494F}\.cr\python-3.10.9-amd64.exe
          Filesize

          849KB

          MD5

          d988448411dc7548332378f7f61508a4

          SHA1

          34989539914256ea9f6d691236039d806be6f7ca

          SHA256

          ae5f3d9aaf871d4cf62b3106a7babb66a5c52fdf5ea9b93467c45bd047319c66

          SHA512

          eb631c340bebb6ce3a6100383fe5e5bd8d2b700ca2c9cd07c1bff4decb8b72a9223596786ef0e8040097135765d7af479f3bfa10957abba32143fc9c9b51ce97

          Download Submit