Analysis
-
max time kernel
111s -
max time network
143s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
16-01-2023 12:15
General
-
Target
f8d13608a3238b1909ee373c32ff31930912f69bbad44560a6e10cdd35fe2271.exe
-
Size
248KB
-
MD5
3d92131e50a1b8aa8e84e987059bf2d3
-
SHA1
6e0d66119ac618710e2dd1c81e340d079d053304
-
SHA256
f8d13608a3238b1909ee373c32ff31930912f69bbad44560a6e10cdd35fe2271
-
SHA512
1d2fc9c7569e169b0179c36a636923444e0ca45ab4360ee834a921d9a45a2357c2cc0011fd99c73b02bfe67405cebf3dc388b4a1efe80fb3518ec9fa8dc75500
-
SSDEEP
3072:kXWRuxPtPXxs55ZtwvBhSRDiCtOXRrO3Qeen/ZJeQNBMm57i:gPXoP5POX5w2ZYMBf5
Score
10/10
Malware Config
Extracted
Family
lumma
C2
77.73.134.68
Signatures
-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Program crash 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f8d13608a3238b1909ee373c32ff31930912f69bbad44560a6e10cdd35fe2271.exe"C:\Users\Admin\AppData\Local\Temp\f8d13608a3238b1909ee373c32ff31930912f69bbad44560a6e10cdd35fe2271.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 13602⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4400 -ip 44001⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4400-132-0x0000000002C98000-0x0000000002CB2000-memory.dmpFilesize
104KB
-
memory/4400-133-0x00000000048E0000-0x000000000490A000-memory.dmpFilesize
168KB
-
memory/4400-134-0x0000000000400000-0x0000000002BA6000-memory.dmpFilesize
39.6MB
-
memory/4400-135-0x0000000000400000-0x0000000002BA6000-memory.dmpFilesize
39.6MB