Overview

overview

10

Static

static

3

1be1eb3fc9...a3.exe

windows7-x64

10

1be1eb3fc9...a3.exe

windows10-2004-x64

10

3b29f95096...37.exe

windows7-x64

10

3b29f95096...37.exe

windows10-2004-x64

10

69cebec49a...97.exe

windows7-x64

10

69cebec49a...97.exe

windows10-2004-x64

10

cb3cd1f7db...e4.exe

windows7-x64

10

cb3cd1f7db...e4.exe

windows10-2004-x64

10

e164c86cf3...9b.exe

windows7-x64

1

e164c86cf3...9b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    88s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231130-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-12-2023 01:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e164c86cf3eead4541a719f3cc5f08a7f0b36384fb8e95098116acadad23a69b.exe

  • Size

    3.2MB

  • MD5

    f23d61d5ff249493e4b55e0690d7b3e4

  • SHA1

    a6eccac18cc49aa7fe3863afb24d3975a5cf30a8

  • SHA256

    e164c86cf3eead4541a719f3cc5f08a7f0b36384fb8e95098116acadad23a69b

  • SHA512

    1782f63dc64baaf47d00ad0f8cf7d04587f8da2656aedf580147387df65b9481e4fdd7a4e34c6f01dfbefc4815d42a994dc7e6e065c84d2cf9821e602ac2446f

  • SSDEEP

    49152:3osVZWC0R4XRbTaDmixqWsOFQlrYQBDcLatzB+L0iVBH+nBz0I7C:3Z0RkRbTaDmcsOFQpEwIN+d0n

Score
10/10
lummaspywarestealer

Malware Config

Signatures

  • Detect Lumma Stealer payload V2 1 IoCs
  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 22 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e164c86cf3eead4541a719f3cc5f08a7f0b36384fb8e95098116acadad23a69b.exe
    "C:\Users\Admin\AppData\Local\Temp\e164c86cf3eead4541a719f3cc5f08a7f0b36384fb8e95098116acadad23a69b.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3576
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3920

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3576-6-0x00000000059D0000-0x0000000005A38000-memory.dmp

    Filesize

    416KB

    Download

  • memory/3576-8-0x0000000006060000-0x0000000006604000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/3576-2-0x0000000005060000-0x0000000005070000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3576-3-0x0000000002A80000-0x0000000002A8E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3576-4-0x0000000005870000-0x00000000058F0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/3576-5-0x0000000005960000-0x00000000059C8000-memory.dmp

    Filesize

    416KB

    Download

  • memory/3576-1-0x0000000075240000-0x00000000759F0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3576-7-0x0000000005A40000-0x0000000005A8C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/3576-0-0x0000000000510000-0x000000000077A000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/3576-13-0x0000000075240000-0x00000000759F0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3920-9-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/3920-12-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/3920-11-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/3920-14-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/3920-15-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download