Resubmissions

22/10/2024, 19:51

241022-yk8gtstckl 7

22/10/2024, 19:48

241022-yjkpdatbnk 7

21/10/2024, 21:25

241021-z9xx3axema 7

Analysis

  • max time kernel
    24s
  • max time network
    157s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    22/10/2024, 19:51

General

  • Target

    Lunar Client - Installer.exe

  • Size

    2.3MB

  • MD5

    5dae543a90c57b5441f4c2995f2b5436

  • SHA1

    066629ae4d2f56e054a4479288d6c9fd43ee2a7e

  • SHA256

    b38150ba19809c027431ec9ac11e3f560d2bed0708c5f7332167c40032e9632b

  • SHA512

    769473317ddb413bb47719910fc477bd2ede23c13b37f9eb4d4c14f49b421672382782325080b97342f8487788929a97334ae4436a743004ef9c331643c1267b

  • SSDEEP

    49152:ImAhWNzxE87vxpsrFpIvZRW/z4GEfOM6HsFWB3YONkhWocU/:IhAPN+TIvZI/z9NRHyTd

Score
4/10

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 28 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:2872
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:884
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef8119758,0x7fef8119768,0x7fef8119778
      2⤵
      PID:3048
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:2
      2⤵
      PID:2412
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:8
      2⤵
      PID:2740
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1536 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:8
      2⤵
      PID:1552
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:1
      2⤵
      PID:2340
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2316 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:1
      2⤵
      PID:2112
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1236 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:2
      2⤵
      PID:2928
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2248 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:1
      2⤵
      PID:1976
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3424 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:8
      2⤵
      PID:3004
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3544 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:8
      2⤵
      PID:2960
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3628 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:8
      2⤵
      PID:2160
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3856 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:1
      2⤵
      PID:632
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2456 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:1
      2⤵
      PID:2584
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2400 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:1
      2⤵
      PID:2396
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3904 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:1
      2⤵
      PID:980
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3784 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:1
      2⤵
      PID:940
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1932 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:8
      2⤵
      PID:364
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:2680

Network

MITRE ATT&CK Enterprise v15

Downloads

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

                                              Filesize

                                              193KB

                                              MD5

                                              d9f9cd5a6dc6cde367e03292a5530455

                                              SHA1

                                              ef8613e9114aace9a2e4907979b4dcee673a44bc

                                              SHA256

                                              01a750dbed8727486e4581c35d610dc71736961f55dd83b4abdd99578d35713d

                                              SHA512

                                              e4a5e968028db8d898bb840c10d8e52ed92776e57b0f82cfd6117662294cd5126f0fe75e41faae2c342f142c829f3e7eb87497aec297a531366f3481d026ed35

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

                                              Filesize

                                              264KB

                                              MD5

                                              f50f89a0a91564d0b8a211f8921aa7de

                                              SHA1

                                              112403a17dd69d5b9018b8cede023cb3b54eab7d

                                              SHA256

                                              b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                              SHA512

                                              bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.xvideos.com_0.indexeddb.leveldb\CURRENT~RFf77e2e0.TMP

                                              Filesize

                                              16B

                                              MD5

                                              46295cac801e5d4857d09837238a6394

                                              SHA1

                                              44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                              SHA256

                                              0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                              SHA512

                                              8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                              Filesize

                                              3KB

                                              MD5

                                              37a521722df2bfec568d675ef2883c73

                                              SHA1

                                              2de1b07d15c4a3de60ca455019d28c7002924b3e

                                              SHA256

                                              aea7f7c15d70fc0cd780ea97da567a79d2ea4b8b2be8271251406b656da888a7

                                              SHA512

                                              6dd5089a5991a9214f0bc5d98bb73cdb7e2ddaf328a000fea6b62d15d52ebdeeda99c82e661a169878ffa02e1389b1990606004d07fc64eeaeb76bc0a0fd0c65

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                              Filesize

                                              363B

                                              MD5

                                              90d351c049fa17c68478cd1aa0be757b

                                              SHA1

                                              1be3c20dc6f66c4c3bb4f9b5b66cfb3a5cab9d76

                                              SHA256

                                              71436627eba4902e82903dadbbc8ef21c9c68bb6d711847cbea72fd91ef45c89

                                              SHA512

                                              97f8138e22b71cfc612108de9f55f11a54c9f584aa6c691eb879823ae3603d306a4278e9e579d53fdbc6f031ec6e28e2a5fcfc9796bdb1e48050cf6be37c9ac1

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                              Filesize

                                              363B

                                              MD5

                                              b024b18618b181f63ec1329d9bc9cd44

                                              SHA1

                                              942b6b293a6e26d0569cac7181fcd5190998e8e2

                                              SHA256

                                              e51ff10ea1fef05af052a6228afbd3c742bd0632db479d51ad66a4eb836a2577

                                              SHA512

                                              242617ca5c78535da676a5539a6e22877ef11e25da36372e4c32d889cc78bdd479e0ae862343c3b3885e43e1988ad7cffccd28d3161e28457e5619dd026c2395

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                              Filesize

                                              5KB

                                              MD5

                                              71ead9e9a6ef28fe9055cbc0920dd571

                                              SHA1

                                              dacf6919a9e17de7e6e006252e85affe970ca129

                                              SHA256

                                              8fdcbe149dda57b781b58d9f2accc1fdce76bc2f624c515c1a0394fdcddde696

                                              SHA512

                                              c075386354ac30df70139c7458f3b8d448a6ab52505383a7976ac6cc750fcbcdfda201987f437a6a2a8b2cf834f8ef71214689d525ec7e66e4809bfb6b9b5d6b

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                              Filesize

                                              5KB

                                              MD5

                                              35e4a4ebf779233233b87839f7bb977a

                                              SHA1

                                              7307c873f4e7b1fef28287c0887cff91067b81cb

                                              SHA256

                                              f9600e97590f47a18b639f3bc5d51d118e6becf452f87845343bcb120f9aa5d9

                                              SHA512

                                              6d6a8783067cc2c70b0a89ce5c0c83c61e0ae1e5b5e6d087568cf2545de52a32d0dd35f374a23831c408185799434e54a852ba9d9f4f0a6532f54647417a3478

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                              Filesize

                                              5KB

                                              MD5

                                              e423745a85ce0bb956852f2448777464

                                              SHA1

                                              56b237157cda44a95d4314f1f64ddaf7e73bf723

                                              SHA256

                                              07dc42d5b99900064107c23664e273d6e3d73c119570dedc45e17871f68acea5

                                              SHA512

                                              09c18409feb28da44561ef0e9d22e0037d43a3b661d0bbbdeea9550c11e6997f717561168b04abd826d3491dc2443ceb4f8510f0363226593302c150b96ba7a8

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                              Filesize

                                              5KB

                                              MD5

                                              3f967ecc6729e08c386cfdcc3633c878

                                              SHA1

                                              2f9c58c7afd487bb8901cc8dc11b8061434cd6a2

                                              SHA256

                                              b9b36a5f951f81b9eeb13a5bc0eaba89c932bd7288c48476aeef2ae2a862bd07

                                              SHA512

                                              adffc866ce44e41ac8829231ff35d8db6ae82e44929618ec90aeaaa942e4c43ef63d5f307630ee189b7c359426632a25d24ee0c7d8337b192657f3b62631f89a

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                              Filesize

                                              5KB

                                              MD5

                                              bf67153d6b2cc2dd6a9b4f2a2f560ad2

                                              SHA1

                                              2ff368a3c2ec6539f092a9f5ca539cec072150e9

                                              SHA256

                                              c7edce6f4c0670e544e0fd63000f1abcad7977fd764dfb1ffc2ff815752d1aa0

                                              SHA512

                                              d1c42ff20a4b05dd3a874a2ce4c3c075405e7d898e3b9b944cc499d3a3812a9f2d2feafccf38047b37dab7ac2a09aa6cfc8aa91d57c85c9a0299a9bbd8854dfd

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

                                              Filesize

                                              16B

                                              MD5

                                              18e723571b00fb1694a3bad6c78e4054

                                              SHA1

                                              afcc0ef32d46fe59e0483f9a3c891d3034d12f32

                                              SHA256

                                              8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

                                              SHA512

                                              43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

                                            • C:\Users\Admin\AppData\Local\Temp\CabAF73.tmp

                                              Filesize

                                              70KB

                                              MD5

                                              49aebf8cbd62d92ac215b2923fb1b9f5

                                              SHA1

                                              1723be06719828dda65ad804298d0431f6aff976

                                              SHA256

                                              b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

                                              SHA512

                                              bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

                                            • C:\Users\Admin\AppData\Local\Temp\TarB070.tmp

                                              Filesize

                                              181KB

                                              MD5

                                              4ea6026cf93ec6338144661bf1202cd1

                                              SHA1

                                              a1dec9044f750ad887935a01430bf49322fbdcb7

                                              SHA256

                                              8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

                                              SHA512

                                              6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

                                            • \Users\Admin\AppData\Local\Temp\nso391B.tmp\System.dll

                                              Filesize

                                              21KB

                                              MD5

                                              51bd16a2ea23ae1e7a92cedc6785c82e

                                              SHA1

                                              a9fbaeb9a695b9f2ba8a3ed8f0d95d2bf6a3d36c

                                              SHA256

                                              4dbc79d2b1c7987cc64bb5d014db81bb5108bdd6d8bf3a5f820fac1ded62be33

                                              SHA512

                                              66ffc18b2daf6c4cba01aef0e4af2f006a51aa218eab0f21dc66e47eea0389d2b1748ef0e30d2ec9f0123fd7f38ed3aee964dd6bde5779aaee19ebf55369af79

                                            • \Users\Admin\AppData\Local\Temp\nso391B.tmp\UserInfo.dll

                                              Filesize

                                              14KB

                                              MD5

                                              1dd4ca0f4a94155f8d46ec95a20ada4a

                                              SHA1

                                              5869f0d89e5422c5c4ad411e0a6a8d5b2321ff81

                                              SHA256

                                              a27dc3069793535cb64123c27dca8748983d133c8fa5aaddee8cdbc83f16986d

                                              SHA512

                                              f4914edc0357af44ed2855d5807c99c8168b305e6b7904dc865771ad0ee90756038612fe69c67b459c468396d1d39875395b1c8ec69e6da559fb92859204763e

                                            • \Users\Admin\AppData\Local\Temp\nso391B.tmp\uac.dll

                                              Filesize

                                              24KB

                                              MD5

                                              861f7e800bb28f68927e65719869409c

                                              SHA1

                                              a12bfcd2b9950e758ead281a9afbf1895bf10539

                                              SHA256

                                              10a0e8cf46038ab3b2c3cf5dce407b9a043a631cbde9a5c8bcf0a54b2566c010

                                              SHA512

                                              f2bf24a0da69bbe4b4a0f0b1bfc5af175a66b8bcc4f5cc379ed0b89166fa9ffe1e16206b41fca7260ac7f8b86f8695b76f016bb371d7642aa71e61e29a3976eb

                                            • \Users\Admin\AppData\Local\Temp\nso391B.tmp\utils.dll

                                              Filesize

                                              58KB

                                              MD5

                                              c6b46a5fcdccbf3aeff930b1e5b383d4

                                              SHA1

                                              6d5a8e08de862b283610bad2f6ce44936f439821

                                              SHA256

                                              251ab3e2690562dcfcd510642607f206e6dcf626d06d94b74e1fa8297b1050a0

                                              SHA512

                                              97616475ef425421959489b650810b185488fcb02a1e90406b3014e948e66e5101df583815fd2be26d9c4d293a46b02ba4025426f743e682ed15d228f027f55c