Analysis

  • max time kernel
    138s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    24-12-2023 18:03

General

  • Target

    0a5f5d6d13e30b61ffab77cb54fc370f.exe

  • Size

    78KB

  • MD5

    0a5f5d6d13e30b61ffab77cb54fc370f

  • SHA1

    5274e1cadb3fa76edafff8a68f4c7946af671823

  • SHA256

    cab5c8a281ec3e6eb8a095054de0110d9271b9f7dff1fd416ff50f79ff62d399

  • SHA512

    9f28df9398c50e67af1c0a38dff19cdcc6bd41d517afd5d5f2428949afe2932a403aea422ac181780f441ebf40101435fcb050fd3ef8ab977be943a8f74ca811

  • SSDEEP

    1536:atMhIlpDgSin/KQOS2123r0f83531/ImSaQ5TuPyxEpgTH9vbTMGxq:atnlpDgSinidJED3J1/I3aQchgTHJbTu

Malware Config

Signatures

  • Detect Lumma Stealer payload V4 4 IoCs
  • Lumma Stealer

    An infostealer written in C++, first seen in August 2022.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0a5f5d6d13e30b61ffab77cb54fc370f.exe
    "C:\Users\Admin\AppData\Local\Temp\0a5f5d6d13e30b61ffab77cb54fc370f.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2520
    • C:\Windows\winupdate.exe
      C:\Windows\winupdate.exe 456 "C:\Users\Admin\AppData\Local\Temp\0a5f5d6d13e30b61ffab77cb54fc370f.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:2888

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\winupdate.exe

    Filesize

    7KB

    MD5

    3e7c9cfa2a939edcd2304c949cd584fe

    SHA1

    76fca37afcff3556e5373010a4865a5ded0fbf50

    SHA256

    80ea20ebf1ad842ffed5d1fe79e55412da35185ee58b6cfade056274827d0f5c

    SHA512

    d067f331a23ee276f5d4e4e6ded4cb91384da3494fa22738265be84b1859b43d39bd9e2f71390f366bcd07ff4937a9f925ab6f9af45a9daac02975bd856df41b

  • C:\Windows\winupdate.exe

    Filesize

    10KB

    MD5

    38e42269e482b25e7b7222b72a642956

    SHA1

    39f5f562104274ec3d5879b9ff12571c4143a145

    SHA256

    89ab6d3ba226fa6e7bfff8d1a061604eeb51ce5e5df95f4482f8ce74299499ac

    SHA512

    5c4cb5db11138f89d112b9a1da27de77911d0920d4b0b4faae5e9156451656a7544bec0d778c49d17dab3ae68fb2f2183ebc304325a3323719d6da8af9620e6b

  • C:\Windows\winupdate.exe

    Filesize

    34KB

    MD5

    f62b76d989e33005073c762ac6a3d85d

    SHA1

    edd800c6253aa826de0085cc77d17ab259b6f6e5

    SHA256

    bc4c2ea2f9eb4ff016b9c0c7bb539f0aa0edcc53c181dadd6ec136f49589334b

    SHA512

    6ebb14a7d3686692f56a7bc709969d0bb69246b85a625959edfce92d8363fa9f929f0255021393183e38df78123a57750ead1dd9c4d31f7a407f49ab43c26f7c

  • memory/2520-8-0x0000000002830000-0x00000000028BE000-memory.dmp

    Filesize

    568KB

  • memory/2520-11-0x0000000000400000-0x000000000048D91E-memory.dmp

    Filesize

    566KB

  • memory/2520-0-0x0000000000400000-0x000000000048D91E-memory.dmp

    Filesize

    566KB

  • memory/2888-9-0x0000000000400000-0x000000000048D91E-memory.dmp

    Filesize

    566KB

  • memory/2888-10-0x0000000000400000-0x000000000048D91E-memory.dmp

    Filesize

    566KB

  • memory/2888-12-0x0000000000400000-0x000000000048D91E-memory.dmp

    Filesize

    566KB