Analysis
-
max time kernel
169s -
max time network
176s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
16-01-2023 08:23
General
-
Target
730d01a6a7eedbf59ff5fc88ca0e7bf3d2a1fc7d5ede1232f31aa7a06e7b9adc.exe
-
Size
276KB
-
MD5
9a636854eb16b6ae20d0152747ccdc87
-
SHA1
839ad2590dc91881058abf89c41cdde28e3c40ed
-
SHA256
730d01a6a7eedbf59ff5fc88ca0e7bf3d2a1fc7d5ede1232f31aa7a06e7b9adc
-
SHA512
d5b88e441a3c609ad59fbc50472d8ae5114543832109532c8d1e9dbf015b2e63b33227cbd904689ea8e2ce308dd8e65d61cfedfa3eae23696d0de3a5d9d2761f
-
SSDEEP
6144:mb3KmLONhPwiKPAQTtIEAZ00Fs9s9eWd5zU4zqQna:mb33iN1wNtIEAbzb5zFP
Score
10/10
Malware Config
Extracted
Family
lumma
C2
77.73.134.68
Signatures
-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Program crash 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\730d01a6a7eedbf59ff5fc88ca0e7bf3d2a1fc7d5ede1232f31aa7a06e7b9adc.exe"C:\Users\Admin\AppData\Local\Temp\730d01a6a7eedbf59ff5fc88ca0e7bf3d2a1fc7d5ede1232f31aa7a06e7b9adc.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 13482⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 1300 -ip 13001⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1300-132-0x00000000006DE000-0x00000000006F8000-memory.dmpFilesize
104KB
-
memory/1300-133-0x00000000005F0000-0x000000000061A000-memory.dmpFilesize
168KB
-
memory/1300-134-0x0000000000400000-0x000000000044B000-memory.dmpFilesize
300KB
-
memory/1300-135-0x0000000000400000-0x000000000044B000-memory.dmpFilesize
300KB