Analysis
-
max time kernel
111s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
13-01-2023 23:57
General
-
Target
ffb1aeceb3be0c0e340e56bf7b80b4feb8e6510361a7f19f906ece37f554c5dd.exe
-
Size
284KB
-
MD5
a1aa0b8f906fdf14635adf81e9718276
-
SHA1
7d7403122f654b70415bb4cc4a7cfe06c4623dc0
-
SHA256
ffb1aeceb3be0c0e340e56bf7b80b4feb8e6510361a7f19f906ece37f554c5dd
-
SHA512
ee1ca7f570b4544a70ac29ac28645d0ec5ac9411ff287040286909050786c434b7bf088fba29ded1e20bb4f8b4526c63ef6f333a593abbc2e445a3aed6101189
-
SSDEEP
6144:OzgbLC1m8m3HDvtki3g33BMum0OiMAtJZ9tzrSA3:OzgbemlrtO34SLZ9P3
Score
10/10
Malware Config
Extracted
Family
lumma
C2
77.73.134.68
Signatures
-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Program crash 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ffb1aeceb3be0c0e340e56bf7b80b4feb8e6510361a7f19f906ece37f554c5dd.exe"C:\Users\Admin\AppData\Local\Temp\ffb1aeceb3be0c0e340e56bf7b80b4feb8e6510361a7f19f906ece37f554c5dd.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 13522⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4880 -ip 48801⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
104KB
-
Filesize
168KB
-
Filesize
304KB
-
Filesize
104KB
-
Filesize
304KB