Analysis

max time kernel: 42s
max time network: 45s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 16-01-2023 09:36

Static task: static1
Behavioral task: behavioral1

Sample: 9a636854eb16b6ae20d0152747ccdc87.exe
Resource: win7-20220812-en (windows7-x64)
3 signatures
150 seconds
General

Target: 9a636854eb16b6ae20d0152747ccdc87.exe
Size: 276KB
MD5: 9a636854eb16b6ae20d0152747ccdc87
SHA1: 839ad2590dc91881058abf89c41cdde28e3c40ed
SHA256: 730d01a6a7eedbf59ff5fc88ca0e7bf3d2a1fc7d5ede1232f31aa7a06e7b9adc
SHA512: d5b88e441a3c609ad59fbc50472d8ae5114543832109532c8d1e9dbf015b2e63b33227cbd904689ea8e2ce308dd8e65d61cfedfa3eae23696d0de3a5d9d2761f
SSDEEP: 6144:mb3KmLONhPwiKPAQTtIEAZ00Fs9s9eWd5zU4zqQna:mb33iN1wNtIEAbzb5zFP
Malware Config (Extracted)

Family: lumma
C2: 77.73.134.68
Signatures

- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials.
- Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/1788-54-0x0000000076321000-0x0000000076323000-memory.dmp (Filesize: 8KB)
- memory/1788-55-0x00000000004DE000-0x00000000004F8000-memory.dmp (Filesize: 104KB)
- memory/1788-56-0x00000000002A0000-0x00000000002CA000-memory.dmp (Filesize: 168KB)
- memory/1788-57-0x0000000000400000-0x000000000044B000-memory.dmp (Filesize: 300KB)
- memory/1788-58-0x00000000004DE000-0x00000000004F8000-memory.dmp (Filesize: 104KB)
- memory/1788-59-0x0000000000400000-0x000000000044B000-memory.dmp (Filesize: 300KB)