Analysis
-
max time kernel
45s -
max time network
49s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
-
submitted
16-01-2023 09:38
General
-
Target
73cfa816bd989fa7dd51fc1aeff7657323836d86fdc30da54f3d0140376096c5.exe
-
Size
248KB
-
MD5
d4371171249f45f3af6095825378c055
-
SHA1
7c38214ddc9fdf6598f5247272997dd682147717
-
SHA256
73cfa816bd989fa7dd51fc1aeff7657323836d86fdc30da54f3d0140376096c5
-
SHA512
96f1118afbc83d3738ac00e4b9b9e08f9773fa47edcd422d9951168341f61a63c1e388d775595a23325b6a227a0704a333de14855286cc7a13bc37406b8aba22
-
SSDEEP
3072:cYXykb1N+5d5bGN9i8olYgxTNsRUd62GSHfSokyxMTZrVwb+sbi:cs9N+ZGNZFgxTN8c629/SokwMFr
Score
10/10
Malware Config
Extracted
Family
lumma
C2
77.73.134.68
Signatures
-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
Processes
-
C:\Users\Admin\AppData\Local\Temp\73cfa816bd989fa7dd51fc1aeff7657323836d86fdc30da54f3d0140376096c5.exe"C:\Users\Admin\AppData\Local\Temp\73cfa816bd989fa7dd51fc1aeff7657323836d86fdc30da54f3d0140376096c5.exe"1⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/828-54-0x0000000075BB1000-0x0000000075BB3000-memory.dmpFilesize
8KB
-
memory/828-55-0x0000000002D0B000-0x0000000002D25000-memory.dmpFilesize
104KB
-
memory/828-56-0x0000000000220000-0x000000000024A000-memory.dmpFilesize
168KB
-
memory/828-57-0x0000000000400000-0x0000000002BA6000-memory.dmpFilesize
39.6MB
-
memory/828-58-0x0000000002D0B000-0x0000000002D25000-memory.dmpFilesize
104KB
-
memory/828-59-0x0000000000400000-0x0000000002BA6000-memory.dmpFilesize
39.6MB