Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Lunar_Launcher.exe

windows7-x64

6

Lunar_Launcher.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    46s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    07/08/2024, 18:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Lunar_Launcher.exe

  • Size

    3.2MB

  • MD5

    e6810402c4da84354ed06ad83ba5ffa8

  • SHA1

    5d34d41750a512ffbbc49613acdea9ed7d3cc2f5

  • SHA256

    9984c879995a1ac07533eba9f8ccfb88b82e81c010331ea46a52427395cd7d06

  • SHA512

    38e185c2cf8fdf5baa3005f6562742f080260f16b202a2a75b9ed749631853f199543dabc7a96f8488198ad9fdebef1704a891f34ca675ae47179bcfb1ee532d

  • SSDEEP

    98304:gwyrkJci8kn0p9zCFm0kR2wum3yMyRGBVMaGjTzJmg:PygJci8kK9zC80DmsuVEjTzIg

Score
6/10
discovery

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Lunar_Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\Lunar_Launcher.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2768
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/vUBT29RzZj
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2548
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2548 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2100

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    47b7054a668ccee15de407f85a01e1e1

    SHA1

    884be062b15cf0724ad6878e256df88aabb5ef89

    SHA256

    bad5c4b6d76e9bdfb5dcb6477965e5bbb2174f5715a877aa69d5cd550eadebf7

    SHA512

    abd82f18db52b304e045483771f95510e80a1c0f0840dcce40aaa6015df6464d91f4120bcca53791e4bf1d5342d548c076c5b110f152a299f7b237c5e5ebc0ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    671aca6f8e72d40f8cd531aa1e9ee301

    SHA1

    3e5b797e60817720924deeafc95024e7a01245ba

    SHA256

    49e0ed0ac764cbfbf008b0b9284b64f2ce4c4f1d210cb567d0f5a4eceb232eea

    SHA512

    862c863c99788281ef45475d690c4249664c80c017c981dcc9e0bbaec00416b6de4a881d0c322a856faeb2dbc43b4e81d76566921f04ff30e9626de601d7910b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fd5d2a62280b770df120621911c9290d

    SHA1

    ac4bac0b9fcb1c56cfbed5eca38b7af75a687c3f

    SHA256

    903c0e4b12ca053670a7b33f84dcb2936dbd60e331cf2de78576316296f2bfd0

    SHA512

    d2c9cdc0a158d419652d214c6ad3fd823443368e2f89c46bf47e30d5c9ab2f2628983cea89c7e0c6df4910761ecf9e67033fcc5959b4daebef76342e102b55c9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    949193465d7c10f66f799cc950dc1182

    SHA1

    29b6e71c4be9bdede9939f059241ecaa04c1a23d

    SHA256

    aeeaa28d7ffba9a45a16baccf1e3f3a4542f456a92185b65fc73612f21307a13

    SHA512

    2b287423f48e9d8d143bb1e9c1ea9a82d637664cd5f10751746cece8ae5f23f282a7d9dfc7aa47886b6b5f53567644d33f7e35fed2eedd19db2d685a34f29027

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    88accfaab9295668c52d9599e6dd0163

    SHA1

    56a3c2e62f3cfbafed23e7435e8b7aabaeb967cc

    SHA256

    2523792f90837dd710a8e6c599550ae5317e98bdd812d100fcdc3b104643079e

    SHA512

    322d7ba972f2ea5e9510ce16c51415c4d5250a8d43b512e5f6d6539ac041d4850bbe9b5009b89dd6412f7f0e136337d321b923b6a7d7e5c2e61ddc12b7d55c5e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3bcbcbe7f18e46b75dc0db7e0d28d9ef

    SHA1

    893c0739fd5b16f401d7830e82c3a216c0d51324

    SHA256

    473e964810a9ab26061183b32edba083b46f9ff62153373e0eac8a5c528d293a

    SHA512

    6585596d857158b330160f7f9bcb2b8ef7ba402483881ba399b47a6d57095e4070b645d33b8b8ed4f8958a6d6903f08725c9f60d0248cd848d6fbe4a227d61c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5f08f6b4de933e9edae0995006b9a59b

    SHA1

    7f630fa8509bd949d853993bf79cda10e203bd0e

    SHA256

    59e5a1bc811fbb67787ce50843fbfc2683d504ad2bc57cb47a2f2cad4e8662c6

    SHA512

    f380b7e1898e2f0b4b4208fad14c1f50fa7b7d88a171d66ff2bbe1243688ee7b22e23404ac42d4c038e86676f51c88d790fa1398ab1c1fe7f7bffc4774a8ecb2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e0ed4f2bb6d0cfd26b504720a7f2597b

    SHA1

    78656209b20d05dbfa1f8c5f35897d5a6354043b

    SHA256

    b53c2aa84f4788d8d66eb7613ff6164265d857f98668414dcda1acca8d92a0f9

    SHA512

    8b908425b95552bbc58d1f22178e9ea95afb9bea23f60eba12564f7f055e9f6fe53016bcf056313f136d82f89ed529c0b47da988e304494e8980cf5d4f926591

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    54dcf05942869288a36aa1983ffc8f99

    SHA1

    bb3e20891d0c09763d34499fc63a0bb330162114

    SHA256

    26bd1aada622ee7fc333ab68d7d01aceb6faf13eabd5fa2a83eb31dbb842ef08

    SHA512

    8a15597b2371968c3d89a06f131b912bbce96b0ccbf4964b4b85e6541019a46f8ef4380c4d61df0cf3428b6ee8c291c2e8da58224c000663bfe8247236d8e689

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5582265b8496cfde2d8e4c3264bc28d2

    SHA1

    ea993867690736da71496cc880330d2996056940

    SHA256

    bcb4b05aa2b12aa1b0f46f050a5d94f01a9b79da9200665ffe9dee526d44a39e

    SHA512

    53e54d8cb5ca7b868dde8771f1a77d2771ec4a40d3bbcb699e7ffab944a677d1f98dd10beebc4695ba4312f572a9e0cc2b956b0fcf675193daf2607eb127347d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5d49b4d7b42d868625457b63e8b9aaa9

    SHA1

    b19395b00693abf110817d7adc6e0b4cbb2387e6

    SHA256

    6ad37ad6c38291bdf7e584ece677abbd1db5386d6991649955a5469e89a246a9

    SHA512

    b66f7418010f03dbefc83a4e48f09550c27b16bff63481c88de5ea43027480b2e6029d6c8512f842bdcc8bc9ea62bad1ffd09ef8274d0acd21ad32b78922ca16

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a8312923ed03e9ab454c3212309711b2

    SHA1

    e03c9bd5d0e9cabe6e912fd6de52376eebdc29c4

    SHA256

    1ca29509c7211b6e70385a8929a21019d4a525c802aa945dfc9b9725e6227a38

    SHA512

    ff304d5b6d4b10f9ab5bb817584fc6759cd70f6da5ebddcf337c5bf19ce75caf16fb79d820d30df927014101901cb724cd96436df59e40f170a8f992ea965fa9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bb8538606386dad97dd4fffadf9f3bb7

    SHA1

    c9de551a6b878a5db9c3443248f44611614e01fa

    SHA256

    f817c2c437ef644c1e76e82a6139eaae43cd7afbef92bc390a2698d42a8974d7

    SHA512

    2cbb2e28631e4eb63f5c05509a715404adbc3d431c165806c706df0c6ebe4b69dc5d12ae74965f9feb31d8fd92c8f40e40547ed2b95e7f3d3201eade4f03f9e4

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\hqw8ypt\imagestore.dat
    Filesize

    24KB

    MD5

    650c95a5595e109445c7356ab20c227e

    SHA1

    06fe2968d37f13402501d0c599fb27fa24daf944

    SHA256

    63377dd8babaedf7043bba2c69f4a800ed0ebc3be3b5e3fb7a3b46911842694c

    SHA512

    fa764571676a0856e884286471aa9fbb5c30ae2da513c91493e59672101b1076ce89734b2b26bbd15a90f0ac463ca8df04d51ac6b8b0da0fc76dd29df9be681a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M7GT0RRO\favicon[1].ico
    Filesize

    23KB

    MD5

    ec2c34cadd4b5f4594415127380a85e6

    SHA1

    e7e129270da0153510ef04a148d08702b980b679

    SHA256

    128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7

    SHA512

    c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3BC8.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3CB7.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2768-6-0x0000000000320000-0x000000000032A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2768-8-0x0000000074270000-0x000000007495E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2768-0-0x000000007427E000-0x000000007427F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2768-7-0x0000000000320000-0x000000000032A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2768-5-0x000000007427E000-0x000000007427F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2768-4-0x0000000074270000-0x000000007495E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2768-2-0x0000000000320000-0x000000000032A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2768-3-0x0000000000320000-0x000000000032A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2768-1-0x0000000000DE0000-0x0000000001110000-memory.dmp

    Filesize

    3.2MB

    Download