lumma | 42f6ed3f3f25e52787a9e43dec53306eb63e581d87882f3fbc4756685714e39a

Resubmissions

07/01/2024, 18:26

max time kernel
118s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 18:26

Target

Samples 7/dd225dc0284234d7ec035b06461bb9e15a5851fa4414d0a3c67541297bef8c64.exe
Size

32.7MB
MD5

d387e9154b7e93b35429a2a5e86b3571
SHA1

e85d7e95e4412265baf4154d528923c127620253
SHA256

dd225dc0284234d7ec035b06461bb9e15a5851fa4414d0a3c67541297bef8c64
SHA512

57ab4dc4769b7d30a3f26213effa9d280b3a8f17498a78728638f07c4d28febff2d360e0da4fe06e1fbd9a70203872857e3b1a98ac9f904ddd7bac175ffa80ff
SSDEEP

786432:kqmCRMv9czxZwPauDyfY+9mCRMv9czxZwPauDyfYH:kqmCRMylAauiY+9mCRMylAauiYH

Score

10^/10

lumma stealer

Family

lumma

http://zamesblack.fun/api

Detect Lumma Stealer payload V4 3 IoCs

resource	yara_rule
behavioral23/memory/3048-10-0x0000000000400000-0x0000000000480000-memory.dmp	family_lumma_v4
behavioral23/memory/3048-16-0x0000000000400000-0x0000000000480000-memory.dmp	family_lumma_v4
behavioral23/memory/3048-14-0x0000000000400000-0x0000000000480000-memory.dmp	family_lumma_v4

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1660 set thread context of 3048	1660	dd225dc0284234d7ec035b06461bb9e15a5851fa4414d0a3c67541297bef8c64.exe	28

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1872	3048	WerFault.exe	28

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1660	dd225dc0284234d7ec035b06461bb9e15a5851fa4414d0a3c67541297bef8c64.exe

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 3048	1660	dd225dc0284234d7ec035b06461bb9e15a5851fa4414d0a3c67541297bef8c64.exe	28
PID 1660 wrote to memory of 3048	1660	dd225dc0284234d7ec035b06461bb9e15a5851fa4414d0a3c67541297bef8c64.exe	28
PID 1660 wrote to memory of 3048	1660	dd225dc0284234d7ec035b06461bb9e15a5851fa4414d0a3c67541297bef8c64.exe	28
PID 1660 wrote to memory of 3048	1660	dd225dc0284234d7ec035b06461bb9e15a5851fa4414d0a3c67541297bef8c64.exe	28
PID 1660 wrote to memory of 3048	1660	dd225dc0284234d7ec035b06461bb9e15a5851fa4414d0a3c67541297bef8c64.exe	28
PID 1660 wrote to memory of 3048	1660	dd225dc0284234d7ec035b06461bb9e15a5851fa4414d0a3c67541297bef8c64.exe	28
PID 1660 wrote to memory of 3048	1660	dd225dc0284234d7ec035b06461bb9e15a5851fa4414d0a3c67541297bef8c64.exe	28
PID 1660 wrote to memory of 3048	1660	dd225dc0284234d7ec035b06461bb9e15a5851fa4414d0a3c67541297bef8c64.exe	28
PID 1660 wrote to memory of 3048	1660	dd225dc0284234d7ec035b06461bb9e15a5851fa4414d0a3c67541297bef8c64.exe	28
PID 3048 wrote to memory of 1872	3048	calc.exe	33
PID 3048 wrote to memory of 1872	3048	calc.exe	33
PID 3048 wrote to memory of 1872	3048	calc.exe	33
PID 3048 wrote to memory of 1872	3048	calc.exe	33

memory/1660-15-0x0000000073D30000-0x000000007441E000-memory.dmp

Filesize
6.9MB

Download
memory/1660-6-0x0000000005040000-0x0000000005080000-memory.dmp

Filesize
256KB

Download
memory/1660-5-0x0000000005040000-0x0000000005080000-memory.dmp

Filesize
256KB

Download
memory/1660-8-0x00000000028C0000-0x00000000028DA000-memory.dmp

Filesize
104KB

Download
memory/1660-9-0x0000000005080000-0x0000000005122000-memory.dmp

Filesize
648KB

Download
memory/1660-0-0x00000000023B0000-0x000000000246A000-memory.dmp

Filesize
744KB

Download
memory/1660-7-0x00000000027A0000-0x00000000027A8000-memory.dmp

Filesize
32KB

Download
memory/1660-4-0x0000000005040000-0x0000000005080000-memory.dmp

Filesize
256KB

Download
memory/1660-3-0x0000000073D30000-0x000000007441E000-memory.dmp

Filesize
6.9MB

Download
memory/1660-2-0x0000000005140000-0x00000000051F6000-memory.dmp

Filesize
728KB

Download
memory/3048-10-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/3048-16-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/3048-14-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download