lumma | 62bcfa2778531cfd612c144bb77ec91e16660af5de2192aca0848616b3791c05

Analysis

max time kernel
127s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
27-08-2023 22:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ChromerUpdaters.exe
Size

4.1MB
MD5

f3e0d472ca4f54f3f9d5594df385ce09
SHA1

36609922e1f7e9134fd7d77f88d449aa4676fc2f
SHA256

e138c56b6f9c968e96e0a614353a9b984139159e68abcbd3f69cdcf4f1419792
SHA512

9f06028ea9fc330d66b37246b3f91beb744ccc1fde987f21974c3ea5626d7f2aebcd1e5d0e44517cdcd81f996d1d8c35f60f83de6f6d1f6ead9c1a91126e2df9
SSDEEP

98304:ctEX1YiOuMl3yKyDihojFrznth/cj02Sc2SiR:cNh3rIpj/qd

Score

10^/10

lumma stealer

Malware Config

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 232 set thread context of 1300	232	ChromerUpdaters.exe	85

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4660	1300	WerFault.exe	85

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	232	ChromerUpdaters.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 232 wrote to memory of 1300	232	ChromerUpdaters.exe	85
PID 232 wrote to memory of 1300	232	ChromerUpdaters.exe	85
PID 232 wrote to memory of 1300	232	ChromerUpdaters.exe	85
PID 232 wrote to memory of 1300	232	ChromerUpdaters.exe	85
PID 232 wrote to memory of 1300	232	ChromerUpdaters.exe	85
PID 232 wrote to memory of 1300	232	ChromerUpdaters.exe	85
PID 232 wrote to memory of 1300	232	ChromerUpdaters.exe	85
PID 232 wrote to memory of 1300	232	ChromerUpdaters.exe	85
PID 232 wrote to memory of 1300	232	ChromerUpdaters.exe	85

C:\Users\Admin\AppData\Local\Temp\ChromerUpdaters.exe
"C:\Users\Admin\AppData\Local\Temp\ChromerUpdaters.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:232
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
  #cmd
  2⤵
  PID:1300
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 1284
    3⤵
    - Program crash
    PID:4660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1300 -ip 1300
1⤵
PID:4000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/232-0-0x000001DD98BD0000-0x000001DD98FF4000-memory.dmp

Filesize
4.1MB

Download
memory/232-1-0x00007FFC6D1B0000-0x00007FFC6DC71000-memory.dmp

Filesize
10.8MB

Download
memory/232-2-0x000001DD9ACE0000-0x000001DD9ACF0000-memory.dmp

Filesize
64KB

Download
memory/232-3-0x000001DD993A0000-0x000001DD993A1000-memory.dmp

Filesize
4KB

Download
memory/232-4-0x000001DD9AC10000-0x000001DD9ACB3000-memory.dmp

Filesize
652KB

Download
memory/232-5-0x000001DD9AC10000-0x000001DD9ACB3000-memory.dmp

Filesize
652KB

Download
memory/232-7-0x000001DD9AC10000-0x000001DD9ACB3000-memory.dmp

Filesize
652KB

Download
memory/232-9-0x000001DD9AC10000-0x000001DD9ACB3000-memory.dmp

Filesize
652KB

Download
memory/232-11-0x000001DD9AC10000-0x000001DD9ACB3000-memory.dmp

Filesize
652KB

Download
memory/232-13-0x000001DD9AC10000-0x000001DD9ACB3000-memory.dmp

Filesize
652KB

Download
memory/232-15-0x000001DD9AC10000-0x000001DD9ACB3000-memory.dmp

Filesize
652KB

Download
memory/232-17-0x000001DD9AC10000-0x000001DD9ACB3000-memory.dmp

Filesize
652KB

Download
memory/232-19-0x000001DD9AC10000-0x000001DD9ACB3000-memory.dmp

Filesize
652KB

Download
memory/232-21-0x000001DD9AC10000-0x000001DD9ACB3000-memory.dmp

Filesize
652KB

Download
memory/232-23-0x000001DD9AC10000-0x000001DD9ACB3000-memory.dmp

Filesize
652KB

Download
memory/232-25-0x000001DD9AC10000-0x000001DD9ACB3000-memory.dmp

Filesize
652KB

Download
memory/232-27-0x000001DD9AC10000-0x000001DD9ACB3000-memory.dmp

Filesize
652KB

Download
memory/232-29-0x000001DD9AC10000-0x000001DD9ACB3000-memory.dmp

Filesize
652KB

Download
memory/232-31-0x000001DD9AC10000-0x000001DD9ACB3000-memory.dmp

Filesize
652KB

Download
memory/232-33-0x000001DD9AC10000-0x000001DD9ACB3000-memory.dmp

Filesize
652KB

Download
memory/232-35-0x000001DD9AC10000-0x000001DD9ACB3000-memory.dmp

Filesize
652KB

Download
memory/232-37-0x000001DD9AC10000-0x000001DD9ACB3000-memory.dmp

Filesize
652KB

Download
memory/232-39-0x000001DD9AC10000-0x000001DD9ACB3000-memory.dmp

Filesize
652KB

Download
memory/232-41-0x000001DD9AC10000-0x000001DD9ACB3000-memory.dmp

Filesize
652KB

Download
memory/232-43-0x000001DD9AC10000-0x000001DD9ACB3000-memory.dmp

Filesize
652KB

Download
memory/232-45-0x000001DD9AC10000-0x000001DD9ACB3000-memory.dmp

Filesize
652KB

Download
memory/232-47-0x000001DD9AC10000-0x000001DD9ACB3000-memory.dmp

Filesize
652KB

Download
memory/232-49-0x000001DD9AC10000-0x000001DD9ACB3000-memory.dmp

Filesize
652KB

Download
memory/232-51-0x000001DD9AC10000-0x000001DD9ACB3000-memory.dmp

Filesize
652KB

Download
memory/232-53-0x000001DD9AC10000-0x000001DD9ACB3000-memory.dmp

Filesize
652KB

Download
memory/232-55-0x000001DD9AC10000-0x000001DD9ACB3000-memory.dmp

Filesize
652KB

Download
memory/232-57-0x000001DD9AC10000-0x000001DD9ACB3000-memory.dmp

Filesize
652KB

Download
memory/232-59-0x000001DD9AC10000-0x000001DD9ACB3000-memory.dmp

Filesize
652KB

Download
memory/232-63-0x000001DD9AC10000-0x000001DD9ACB3000-memory.dmp

Filesize
652KB

Download
memory/232-61-0x000001DD9AC10000-0x000001DD9ACB3000-memory.dmp

Filesize
652KB

Download
memory/232-65-0x000001DD9AC10000-0x000001DD9ACB3000-memory.dmp

Filesize
652KB

Download
memory/232-67-0x000001DD9AC10000-0x000001DD9ACB3000-memory.dmp

Filesize
652KB

Download
memory/232-1272-0x00007FFC6D1B0000-0x00007FFC6DC71000-memory.dmp

Filesize
10.8MB

Download
memory/232-1273-0x000001DD993D0000-0x000001DD993D1000-memory.dmp

Filesize
4KB

Download
memory/232-1274-0x000001DD9ACE0000-0x000001DD9ACF0000-memory.dmp

Filesize
64KB

Download
memory/232-1278-0x00007FFC6D1B0000-0x00007FFC6DC71000-memory.dmp

Filesize
10.8MB

Download
memory/1300-1280-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/1300-1281-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads