c48b1d0562f49f921b34fa58c952a4dd991d111003c3543f8852fdddb0b0da4f | Triage

Resubmissions

18-12-2024 18:26

241218-w3lpnsykeq 10

18-12-2024 17:16

241218-vtjchswle1 10

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
18-12-2024 18:26

Sharing

Report Analysis Logs

General

Target

Moon/MoonBETA.exe
Size

312KB
MD5

5bae36c5feca5e1539da4bae2459857e
SHA1

2e304ca874ce5ec6f214dbdfc83aaa51d08a2fe7
SHA256

226a3c98b96e562615d9c638ce62a5a65c9cf533a34bae14b9de7a62c44d0f64
SHA512

521a7eaa591dd3d7f5649e1bc48c9cec5df410834f9cfacabc4731b64fc0165e3d05d57d2e635cee21f058f1e4e13d537dc72f4e982d2295edf2884e115f85ca
SSDEEP

6144:9Qz20+OXaDKNKigtRUurSQ07mMiDsNNFc2KigtRUur:9QSGpyRSD7FsiDIR

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1824 wrote to memory of 2780	1824	MoonBETA.exe	30
PID 1824 wrote to memory of 2780	1824	MoonBETA.exe	30
PID 1824 wrote to memory of 2780	1824	MoonBETA.exe	30

C:\Users\Admin\AppData\Local\Temp\Moon\MoonBETA.exe
"C:\Users\Admin\AppData\Local\Temp\Moon\MoonBETA.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1824
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1824 -s 504
  2⤵
  PID:2780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1824-0-0x000007FEF5D23000-0x000007FEF5D24000-memory.dmp

Filesize
4KB

Download
memory/1824-1-0x0000000000B90000-0x0000000000BE4000-memory.dmp

Filesize
336KB

Download