Overview

overview

10

Static

static

1

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    127s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    08/02/2023, 20:45

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    857KB

  • MD5

    3d52d171523e07600e30ad60d67fcc45

  • SHA1

    a5d89cb745695d0c0d4b8116bdc9a7b892756b95

  • SHA256

    7355b4d748f2e77a4087d687cf3d7827ad14be62ddcedee3ffff3d7271684ecc

  • SHA512

    929867e7a5ae311a3b7ed6a2b973fa17f39bdeb14c953f7dc45805898b8bd2056e97f0bc1ea391fdf1a7e1fc131de24356a331769b52c98aa5a1b8ff32fb2bc1

  • SSDEEP

    24576:vuq/ZM4+TNTXYAlCDuIL0JIYAlCDuIL0rS:6TRIAl3u0JAl3u0r

Score
10/10
lummastealer

Malware Config

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Uses the VBS compiler for execution 1 TTPs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1812
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
      2⤵
        PID:1588
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
        2⤵
          PID:976

      Network

            MITRE ATT&CK Enterprise v6

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1588-60-0x0000000000080000-0x00000000000B2000-memory.dmp

              Filesize

              200KB

              Download

            • memory/1588-61-0x0000000000080000-0x00000000000B2000-memory.dmp

              Filesize

              200KB

              Download

            • memory/1588-63-0x0000000000080000-0x00000000000B2000-memory.dmp

              Filesize

              200KB

              Download

            • memory/1588-65-0x0000000000080000-0x00000000000B2000-memory.dmp

              Filesize

              200KB

              Download

            • memory/1588-66-0x0000000000080000-0x00000000000B2000-memory.dmp

              Filesize

              200KB

              Download

            • memory/1588-67-0x0000000000080000-0x00000000000B2000-memory.dmp

              Filesize

              200KB

              Download

            • memory/1812-54-0x0000000000810000-0x00000000008EC000-memory.dmp

              Filesize

              880KB

              Download

            • memory/1812-55-0x0000000075F21000-0x0000000075F23000-memory.dmp

              Filesize

              8KB

              Download

            • memory/1812-56-0x00000000003B0000-0x00000000003E4000-memory.dmp

              Filesize

              208KB

              Download

            • memory/1812-57-0x00000000003E0000-0x00000000003F8000-memory.dmp

              Filesize

              96KB

              Download

            • memory/1812-58-0x00000000004B0000-0x00000000004CA000-memory.dmp

              Filesize

              104KB

              Download

            • memory/1812-59-0x0000000000550000-0x0000000000556000-memory.dmp

              Filesize

              24KB

              Download