Analysis
-
max time kernel
135s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
23-03-2023 13:04
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20230220-en
General
-
Target
file.exe
-
Size
835KB
-
MD5
80635e12fd377ff9f529df0e2578c9a4
-
SHA1
8527f4c438eab88e7e12033b26f06155a589c3f9
-
SHA256
6e220d27e71466ae30fb1cf78f2034274accbcf0441b3d9499685655d912cda1
-
SHA512
7801b3a68ad665c2baf7bfae300e019190657f3cbe92c500410d390c543d9f2de85786fa572bea7fe4610207b2ac47ac523332fa9d7787cf3d8b6e0517dcfc78
-
SSDEEP
24576:KzYznMvtC7W6csN+HOKSiXnWtyvqCXq1OP5cWA:Kzc97NcG+H+iXgLh1Q+WA
Malware Config
Extracted
lumma
82.117.255.80
Signatures
-
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 3864 3840 WerFault.exe file.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\file.exe"C:\Users\Admin\AppData\Local\Temp\file.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 9882⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 3840 -ip 38401⤵