dde68c94feeb5832a82cdc041c4ad2124f2594922600fa1147bd8ff070ea7553

Analysis

max time kernel
34s
max time network
34s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/08/2024, 21:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Lunarcrack.rar
Size

6.4MB
MD5

4fa6c73f35112f3008df329fb710c8e7
SHA1

60a5cb54f8fde0595126ceec854504c99866c115
SHA256

dde68c94feeb5832a82cdc041c4ad2124f2594922600fa1147bd8ff070ea7553
SHA512

0f84b88ccb32f9ebd1c5794ef8e9edb861888d80d83d71815016b686562ae430c147f79f0569398b0fb7a27bf31f3e3c5e7779a8f591fc511c7e82b0aec29549
SSDEEP

196608:3AVGU3BOT8TI/rFxipqiFb72FJBH+AMPxRY:wVGUNszuuHCm

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133675390263177298"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
664	chrome.exe
664	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe

Suspicious use of AdjustPrivilegeToken 28 IoCs

description	pid	Process
Token: SeShutdownPrivilege	664	chrome.exe
Token: SeCreatePagefilePrivilege	664	chrome.exe
Token: SeShutdownPrivilege	664	chrome.exe
Token: SeCreatePagefilePrivilege	664	chrome.exe
Token: SeShutdownPrivilege	664	chrome.exe
Token: SeCreatePagefilePrivilege	664	chrome.exe
Token: SeShutdownPrivilege	664	chrome.exe
Token: SeCreatePagefilePrivilege	664	chrome.exe
Token: SeShutdownPrivilege	664	chrome.exe
Token: SeCreatePagefilePrivilege	664	chrome.exe
Token: SeShutdownPrivilege	664	chrome.exe
Token: SeCreatePagefilePrivilege	664	chrome.exe
Token: SeShutdownPrivilege	664	chrome.exe
Token: SeCreatePagefilePrivilege	664	chrome.exe
Token: SeShutdownPrivilege	664	chrome.exe
Token: SeCreatePagefilePrivilege	664	chrome.exe
Token: SeShutdownPrivilege	664	chrome.exe
Token: SeCreatePagefilePrivilege	664	chrome.exe
Token: SeShutdownPrivilege	664	chrome.exe
Token: SeCreatePagefilePrivilege	664	chrome.exe
Token: SeShutdownPrivilege	664	chrome.exe
Token: SeCreatePagefilePrivilege	664	chrome.exe
Token: SeShutdownPrivilege	664	chrome.exe
Token: SeCreatePagefilePrivilege	664	chrome.exe
Token: SeShutdownPrivilege	664	chrome.exe
Token: SeCreatePagefilePrivilege	664	chrome.exe
Token: SeShutdownPrivilege	664	chrome.exe
Token: SeCreatePagefilePrivilege	664	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3904	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 664 wrote to memory of 4100	664	chrome.exe	91
PID 664 wrote to memory of 4100	664	chrome.exe	91
PID 664 wrote to memory of 3340	664	chrome.exe	92
PID 664 wrote to memory of 3340	664	chrome.exe	92
PID 664 wrote to memory of 3340	664	chrome.exe	92
PID 664 wrote to memory of 3340	664	chrome.exe	92
PID 664 wrote to memory of 3340	664	chrome.exe	92
PID 664 wrote to memory of 3340	664	chrome.exe	92
PID 664 wrote to memory of 3340	664	chrome.exe	92
PID 664 wrote to memory of 3340	664	chrome.exe	92
PID 664 wrote to memory of 3340	664	chrome.exe	92
PID 664 wrote to memory of 3340	664	chrome.exe	92
PID 664 wrote to memory of 3340	664	chrome.exe	92
PID 664 wrote to memory of 3340	664	chrome.exe	92
PID 664 wrote to memory of 3340	664	chrome.exe	92
PID 664 wrote to memory of 3340	664	chrome.exe	92
PID 664 wrote to memory of 3340	664	chrome.exe	92
PID 664 wrote to memory of 3340	664	chrome.exe	92
PID 664 wrote to memory of 3340	664	chrome.exe	92
PID 664 wrote to memory of 3340	664	chrome.exe	92
PID 664 wrote to memory of 3340	664	chrome.exe	92
PID 664 wrote to memory of 3340	664	chrome.exe	92
PID 664 wrote to memory of 3340	664	chrome.exe	92
PID 664 wrote to memory of 3340	664	chrome.exe	92
PID 664 wrote to memory of 3340	664	chrome.exe	92
PID 664 wrote to memory of 3340	664	chrome.exe	92
PID 664 wrote to memory of 3340	664	chrome.exe	92
PID 664 wrote to memory of 3340	664	chrome.exe	92
PID 664 wrote to memory of 3340	664	chrome.exe	92
PID 664 wrote to memory of 3340	664	chrome.exe	92
PID 664 wrote to memory of 3340	664	chrome.exe	92
PID 664 wrote to memory of 3340	664	chrome.exe	92
PID 664 wrote to memory of 2832	664	chrome.exe	93
PID 664 wrote to memory of 2832	664	chrome.exe	93
PID 664 wrote to memory of 2816	664	chrome.exe	94
PID 664 wrote to memory of 2816	664	chrome.exe	94
PID 664 wrote to memory of 2816	664	chrome.exe	94
PID 664 wrote to memory of 2816	664	chrome.exe	94
PID 664 wrote to memory of 2816	664	chrome.exe	94
PID 664 wrote to memory of 2816	664	chrome.exe	94
PID 664 wrote to memory of 2816	664	chrome.exe	94
PID 664 wrote to memory of 2816	664	chrome.exe	94
PID 664 wrote to memory of 2816	664	chrome.exe	94
PID 664 wrote to memory of 2816	664	chrome.exe	94
PID 664 wrote to memory of 2816	664	chrome.exe	94
PID 664 wrote to memory of 2816	664	chrome.exe	94
PID 664 wrote to memory of 2816	664	chrome.exe	94
PID 664 wrote to memory of 2816	664	chrome.exe	94
PID 664 wrote to memory of 2816	664	chrome.exe	94
PID 664 wrote to memory of 2816	664	chrome.exe	94
PID 664 wrote to memory of 2816	664	chrome.exe	94
PID 664 wrote to memory of 2816	664	chrome.exe	94
PID 664 wrote to memory of 2816	664	chrome.exe	94
PID 664 wrote to memory of 2816	664	chrome.exe	94
PID 664 wrote to memory of 2816	664	chrome.exe	94
PID 664 wrote to memory of 2816	664	chrome.exe	94
PID 664 wrote to memory of 2816	664	chrome.exe	94
PID 664 wrote to memory of 2816	664	chrome.exe	94
PID 664 wrote to memory of 2816	664	chrome.exe	94
PID 664 wrote to memory of 2816	664	chrome.exe	94
PID 664 wrote to memory of 2816	664	chrome.exe	94
PID 664 wrote to memory of 2816	664	chrome.exe	94
PID 664 wrote to memory of 2816	664	chrome.exe	94
PID 664 wrote to memory of 2816	664	chrome.exe	94

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Lunarcrack.rar
1⤵
- Modifies registry class
PID:1844

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff87d84cc40,0x7ff87d84cc4c,0x7ff87d84cc58
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,3920042506088153635,14953831046735754653,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2076,i,3920042506088153635,14953831046735754653,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2308,i,3920042506088153635,14953831046735754653,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2284 /prefetch:8
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,3920042506088153635,14953831046735754653,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3340,i,3920042506088153635,14953831046735754653,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4584,i,3920042506088153635,14953831046735754653,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4764,i,3920042506088153635,14953831046735754653,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4380 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3460,i,3920042506088153635,14953831046735754653,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3540,i,3920042506088153635,14953831046735754653,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3536 /prefetch:8
  2⤵
  PID:452

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5112

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
9af82df5a59b619620da30fbb65ec387

SHA1
b13a9bd1130537f291934405bd403a5eadab57f9

SHA256
ca9b97d8669a5db07b29f701830e41c87ab5659667ef2447195e14a651aab25f

SHA512
eb11c86ae000ff34f20396c35b73cb9e77d08970e68f5266093c2c0151277dce6da9f313deb98d8f5e0047948e8ec83fa83abcf0cd078775b749022c2f3c71af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f960574eac88a3e45b24520d2ec5b52e

SHA1
ba5eace483293cc2e3d576f5de2f14eccd45edc5

SHA256
adad8bee741a3f75ff887f4d403a290c6322c533b2b6f073ea077402e07099fa

SHA512
434513797bda200920b38c205b47a89ea6124b7cccc40c1fd8ea94b52b7e608253aada5790ed7779a0b1b3690b73b6f6c7d9b40a1680675d22cf2250437faa3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
4b55fec5faa24583f55a4ad13670b376

SHA1
8ed6b65409a7b185156ae82c279500a7c8f9e483

SHA256
bd278d470ebfd9f26e6da1bbdaa3f9a16d0f1ee8a2e532e5715daaf36ca3c782

SHA512
05ca82c563bc151f98462328091b03fccfb246e4c22fd42681983ff7ebb714f4226908f574d1e32da497920a519b44d7b1ae49a634a5c379d0c51ec356f000a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7ecff84e2b0184599936cc4ba61e29d7

SHA1
273e6b1e1711359b71f8122829588d0e9eb177c4

SHA256
29c754f5c31f393fe69dac35eeafa398514eab50c9e904cceddcfff66e948f6c

SHA512
eb5877b8eb8587c19aa52231cbf5f36790869a74eb3d8ee437aab4a3d1585d12a6f0f07b0e1ef4fc82f7194043b0ba8f577aeb0ad923e2c10bbfb8abdc543f52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ad439819e27f21c938f5724e924945b3

SHA1
c600ef525d5017377ca7f67ffb06c678d77a1647

SHA256
457bf14be42840bff82b20a9e89d7016f5a7c56729916c68bd5ef4ff6995c330

SHA512
ac568c9874496b35071f53b43c89731f1b7a6e9e0c7fcf3308e251ef871cebd131bdaa0f18bbedc906c733c814e36fd129fa51dfc300a3ddd751a58a2933da79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
fb63cbfc32e383dcfd74cd4fc5734d1a

SHA1
f6822ddd9d829d6fc8cb337b99838b9e51e539f7

SHA256
8b156515fc354cbd86cf1adfdf8003080c1cf2f964052a402e22923cd3c3bb66

SHA512
fcc971ee38c1f4fe6974e5021422dda3ff4ce916b6ac4567e376805624d0eec5d1c0b932a2275c062ac7620de11bac420e7c9f9949f176b51281f96e921d6463

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
bf66839a7114e61c24d912e9bfe40eae

SHA1
54a284701d7baf140335fe9679ec61c311d4a754

SHA256
71d0889e3f00c9fcb53c7e4868a77aeb7f23cf0cf468e6073986c6cd827290bf

SHA512
e7e1762019333cdfbabe719103d620b3124ec1c16d58aae28a1184d0711c63946b1342140d00919a6356779ce3a059baf2abd2852096ee866d0cb0d4c8d0ba41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit