Overview

overview

10

Static

static

3

Lunar Clie...��.cmd

windows7-x64

Lunar Clie...��.cmd

windows10-2004-x64

Lunar Clie...��.lnk

windows7-x64

Lunar Clie...��.lnk

windows10-2004-x64

Lunar Clie...va.exe

windows7-x64

10

Lunar Clie...va.exe

windows10-2004-x64

10

Lunar Clie...t+.cmd

windows7-x64

Lunar Clie...t+.cmd

windows10-2004-x64

Lunar Clie...t+.exe

windows7-x64

10

Lunar Clie...t+.exe

windows10-2004-x64

10

Lunar Clie...up.vbs

windows7-x64

1

Lunar Clie...up.vbs

windows10-2004-x64

1

Lunar Clie...ar.dll

windows7-x64

1

Lunar Clie...ar.dll

windows10-2004-x64

1

Lunar Clie...��.exe

windows7-x64

10

Lunar Clie...��.exe

windows10-2004-x64

10

Lunar Clie...��.exe

windows7-x64

10

Lunar Clie...��.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    6s
  • max time network
    7s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    05/01/2025, 08:37

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    Lunar Client+破解/Lunar Client+启动器2号.lnk

  • Size

    1KB

  • MD5

    495c74e517f2e6e8a348a005bce5844a

  • SHA1

    0ffe74cca89fb00e0dfc7380510b5b6a9a6e3bc8

  • SHA256

    f094a7d8e7d4a26da9ed4479f8f087797db8f748927fa0a5ba82e298bf93e195

  • SHA512

    0cc1fec03bfa8762c21042def2bd95460bc09262b8ddd1f560cc332183d8e75c5b799a1e8757e8a858c962d0112fc574900d038882912923d6f17c548f4bd7cc

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Lunar Client+破解\Lunar Client+启动器2号.lnk"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1880
    • C:\Windows\System32\shutdown.exe
      "C:\Windows\System32\shutdown.exe" -s -t 2
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2772
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:2752
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:2684

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2684-37-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2752-36-0x0000000002E10000-0x0000000002E11000-memory.dmp

        Filesize

        4KB

        Download