18838910634c5684dfaca94d9620316cf7ce21e85bf5a53409060a77de3c49fd | Triage

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10-01-2025 13:23

Sharing

Report Analysis Logs

General

Target

Lunaris Executor/sycl6.dll
Size

3.7MB
MD5

29cc5a0c895cf6f3ab4631eed6d3de96
SHA1

3f8f9d44e400900e99eaa5cfb585fc5e381e4949
SHA256

8d0f9d6fd405525301c10242dd748f7cd37cb1b811fad2913470aff47ffd83b1
SHA512

b26556118e510f035b3756dbd49c9688333ac1169a54acb7cee56f697b88097e9d239e751e8521e311774b455b6c03429e622904f2fe13a13b924f0ac721ae62
SSDEEP

49152:tauP/S5Y+++UZAammx4uJHlnOIN9hke8/m3oBosvPEcGRu:Ttv6zDJ

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 2300	2332	rundll32.exe	30
PID 2332 wrote to memory of 2300	2332	rundll32.exe	30
PID 2332 wrote to memory of 2300	2332	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Lunaris Executor\sycl6.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2332 -s 88
  2⤵
  PID:2300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads