Analysis
-
max time kernel
75s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system -
submitted
13-01-2023 17:55
Static task
static1
Behavioral task
behavioral1
Sample
bfc8b43d4c867e28e5409b7bb74ea79f.exe
Resource
win7-20220812-en
windows7-x64
3 signatures
150 seconds
General
-
Target
bfc8b43d4c867e28e5409b7bb74ea79f.exe
-
Size
308KB
-
MD5
bfc8b43d4c867e28e5409b7bb74ea79f
-
SHA1
d720e74f073ccaf61c3a45ea4b09c2da38c3a753
-
SHA256
36a5d6a13251512cbd0b5ea2b9b34c737d03de659532f4a13a6a9523c4a24c72
-
SHA512
84e9bd7089f1cd66dab994997fcb2336d6284eea965832e202d4f70e179cf6e4e9ef8f843cae5a63591a25bd590dd2060820cc707e34574ae736a52006c95e6f
-
SSDEEP
6144:0diaLB6JorGojJon2NleO4SlJZ9tzrSA3N+:0diaAJOrja2Nt1Z9P3
Malware Config
Extracted
Family
lumma
C2
77.73.134.68
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 2380 4156 WerFault.exe bfc8b43d4c867e28e5409b7bb74ea79f.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\bfc8b43d4c867e28e5409b7bb74ea79f.exe"C:\Users\Admin\AppData\Local\Temp\bfc8b43d4c867e28e5409b7bb74ea79f.exe"1⤵PID:4156
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 13602⤵
- Program crash
PID:2380
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4156 -ip 41561⤵PID:628