Analysis
-
max time kernel
61s -
max time network
125s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system -
submitted
16-01-2023 21:26
Static task
static1
General
-
Target
0f5dd9395e62e8246685a24664efe252b7d5a0e4b1c4018422eceaa2c359be55.exe
-
Size
247KB
-
MD5
84b662be15aab4a2a2a6f5bf00ec9681
-
SHA1
f1fe41c79216e52f821313b19ca4d34b83043349
-
SHA256
0f5dd9395e62e8246685a24664efe252b7d5a0e4b1c4018422eceaa2c359be55
-
SHA512
57d20638fe552a8e86d5b658000af6c69867788ecab7c6cb807b344b4c4438c343aaca00d33f36e946a621d38b5c8d9d815c225eb12ba7b769939b009af77c1f
-
SSDEEP
6144:ERuYsLeCAR7QtTmpHXsvCDrjZFGoFu4hmEDHX:ERrs7ACCp3Ckrjj6q
Malware Config
Extracted
Family
lumma
C2
77.73.134.68
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 1084 3668 WerFault.exe 0f5dd9395e62e8246685a24664efe252b7d5a0e4b1c4018422eceaa2c359be55.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\0f5dd9395e62e8246685a24664efe252b7d5a0e4b1c4018422eceaa2c359be55.exe"C:\Users\Admin\AppData\Local\Temp\0f5dd9395e62e8246685a24664efe252b7d5a0e4b1c4018422eceaa2c359be55.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 13442⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3668 -ip 36681⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3668-132-0x000000000077D000-0x0000000000797000-memory.dmpFilesize
104KB
-
memory/3668-133-0x00000000006F0000-0x000000000071A000-memory.dmpFilesize
168KB
-
memory/3668-134-0x0000000000400000-0x0000000000444000-memory.dmpFilesize
272KB
-
memory/3668-135-0x0000000000400000-0x0000000000444000-memory.dmpFilesize
272KB