lumma | 0a53ab41b2eac9f9643de44c797f79103c37bf434a788c1b66a266d115b30fe8

Analysis

max time kernel
234s
max time network
242s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
16-01-2023 07:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d21f82a8a0b55f753ba26a19444c5364a2b21d8451fcde32f659f57476fc399d.exe
Size

276KB
MD5

930f2ceba3c8821110756aa19b395676
SHA1

d2430e3e8dc6c193a90ef93da218c10f830e4395
SHA256

d21f82a8a0b55f753ba26a19444c5364a2b21d8451fcde32f659f57476fc399d
SHA512

dc6d093585e171ca366863cce09722e71e3718c8bab6d4432f92ccea6c926191bfbf5a0b7eb570189e070c4c8ca962a504e02f04661d6e3703efa642bec980d7
SSDEEP

6144:O6o0eLFcKPqdWge8I9h/e8DVr+HJYloDU4zqQna:O6o55cQqoF8ILRr+HJYloDFP

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

77.73.134.68

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4132 4044 WerFault.exe d21f82a8a0b55f753ba26a19444c5364a2b21d8451fcde32f659f57476fc399d.exe

pid	pid_target	process	target process
4132	4044	WerFault.exe	d21f82a8a0b55f753ba26a19444c5364a2b21d8451fcde32f659f57476fc399d.exe

C:\Users\Admin\AppData\Local\Temp\d21f82a8a0b55f753ba26a19444c5364a2b21d8451fcde32f659f57476fc399d.exe
"C:\Users\Admin\AppData\Local\Temp\d21f82a8a0b55f753ba26a19444c5364a2b21d8451fcde32f659f57476fc399d.exe"
1⤵
PID:4044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 800
2⤵
- Program crash
PID:4132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4044 -ip 4044
1⤵
PID:1960

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4044-132-0x00000000006AF000-0x00000000006C9000-memory.dmp

Filesize
104KB

Download
memory/4044-133-0x0000000000660000-0x000000000068A000-memory.dmp

Filesize
168KB

Download
memory/4044-134-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/4044-135-0x00000000006AF000-0x00000000006C9000-memory.dmp

Filesize
104KB

Download
memory/4044-136-0x0000000000660000-0x000000000068A000-memory.dmp

Filesize
168KB

Download
memory/4044-137-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download