Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-07-2023 17:48

General

  • Target

    file.exe

  • Size

    1.2MB

  • MD5

    36d4a7ec6a9ad04aa447dda96ed21611

  • SHA1

    0b1e924be77688d3f2171bf36bd420f5c60d5805

  • SHA256

    696808a3a7971c3af2b8a5e69803fd45c7480da8fa42711491c608d583ff4f56

  • SHA512

    407e3ac77fac97cebb89aa2f99af807c9edd91aca1fbc3523aea63a60adf4d37056889dbfeae7a072a96066d11bd695f6e1001452376a9aa15fe4b9671ffe1b3

  • SSDEEP

    24576:sDWv+KX/VnxU/wcXbtmRodFpVjv27dTtNcbORbRt648:8WRFxkwcp1VgdsbybR8F

Score
10/10

Malware Config

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2004
    • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
      "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\file.pdf"
      2⤵
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1688

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\file.pdf

    Filesize

    33KB

    MD5

    f68806880a0cce14ff71af5e1d86431e

    SHA1

    745509362afa950e7792fc18d7680aa8d4fc88ce

    SHA256

    e062309059c40578567e37779f7650b32113cc9306cbf86cea00e33674fd9f10

    SHA512

    dea0bad3941c2616d5ff4128f07465a8a6ca72470a66ea7306460d762f976ed4a6480ca3a280e1ffbd8ada575a1ba78e341ad1d96a50618f0df8151531ebf3e1

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    a8bfd964afd8d9fa80cccfc08bfe5d3f

    SHA1

    da09c6b0ef65ae7ce116ce04825a5be4805ceb44

    SHA256

    60e457139fc00cc96b6a64a27136ee2a92d8f7ab265a2a55ef7c05b3c027f9ac

    SHA512

    1fbd84d83fe6427075a5f83b58226653648694b1f8723b438562a35af1ce0b1e3ef4986805fb8d2d7a2183db8df5211c5e06353707546986513c2dc4a4851744

  • memory/2004-53-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

  • memory/2004-72-0x0000000003270000-0x0000000003305000-memory.dmp

    Filesize

    596KB

  • memory/2004-74-0x0000000000400000-0x0000000000540000-memory.dmp

    Filesize

    1.2MB

  • memory/2004-75-0x0000000000400000-0x0000000000540000-memory.dmp

    Filesize

    1.2MB