lumma | 81b2dcbb79c2896141772043e55e5a6c667c16f4fa3e387ac308268c192f9c8a

Analysis

max time kernel
140s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
06/08/2023, 18:38

Target

file.exe
Size

489KB
MD5

fe86be485d9e49178ca5ce3677e38cd6
SHA1

3e126d8c8edb2043d3d2b2c3a6ff87d8df522e9e
SHA256

81b2dcbb79c2896141772043e55e5a6c667c16f4fa3e387ac308268c192f9c8a
SHA512

542c589c5aeb4973afbab9bff28545fe30d405d827c9e25f3c07bdc2f53d8590d253c7732023ae06452be4d6f6c927f4d423626019a8df29152028b3516c53d8
SSDEEP

6144:1V25Uzen4/t7rXvHcHwjrp9aCrfieuSvL1VHu1bRiUMTbbKVRX2e:1o5Uze4dgIfrNPvLe1li1TfK

Score

10^/10

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1648	2772	WerFault.exe	80

Suspicious behavior: EnumeratesProcesses 20 IoCs

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2772
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 2936
  2⤵
  - Program crash
  PID:1648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 2772 -ip 2772
1⤵
PID:4060

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/2772-134-0x0000000002570000-0x0000000002670000-memory.dmp

Filesize
1024KB

Download
memory/2772-135-0x00000000024D0000-0x0000000002532000-memory.dmp

Filesize
392KB

Download
memory/2772-136-0x0000000000400000-0x0000000002321000-memory.dmp

Filesize
31.1MB

Download
memory/2772-137-0x0000000000400000-0x0000000002321000-memory.dmp

Filesize
31.1MB

Download
memory/2772-138-0x0000000002570000-0x0000000002670000-memory.dmp

Filesize
1024KB

Download
memory/2772-139-0x00000000024D0000-0x0000000002532000-memory.dmp

Filesize
392KB

Download