General

  • Target

    LunarTweaks.exe

  • Size

    107.4MB

  • Sample

    250101-ddtd4sskay

  • MD5

    4dab86dd034972e11ef288fb392456dc

  • SHA1

    2d5a055f6c77b84cce489ffc1c323d6113837a29

  • SHA256

    0c831387c2385917537da26fa973e7a81cf8a4fdd96a1e9d3c9a5c31a0752289

  • SHA512

    25af997f4bd49fbb1d38b641502b41e0bd53d03776ade2901d3191aff036368931e1a604b828b6b623647df8f1c7c8d15a79b062a5191b70b6ca80b3d12f643c

  • SSDEEP

    3145728:eUTeCRRS6xjKcBa6/2qHO5iCpBnG0iWMstB2OxQFyMHM:9TJjSWNa6NHCiWhieBs

Targets

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar file browsers.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks