Analysis

max time kernel: 94s
max time network: 121s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14/01/2024, 12:15

Static task: static1
  1 signatures
Behavioral task: behavioral1
  Sample: SoftWare.exe
  Resource: win7-20231129-en
  0 signatures
  150 seconds
General

Target: SoftWare.exe
Size: 771KB
MD5: 0bdf2b304a1bb9f97d49fe152905e58c
SHA1: f89a3366e5a43bfb3a0c240c9dee385dbfeef5a4
SHA256: 816083916a2e024020ca5ddcc3b7717375ffe701bf988c5e2399873114c178be
SHA512: 4bd25a62a1b207236e37f45b44b0dcb29aeb3478baf85dbbeec49d1028a79a33e7b972da01a04dbdf69171508c64e16d4237fe1c4f7d9367a46a3a768cef44f6
SSDEEP: 12288:ZUrYCBGw09oXLmS66I6yZK2SeQMZ2i04L4MiOzF39aX3eXXyL3:JWGw0DF6I6yZjSk2Xw4MiOzFtaX3giL
Malware Config

Extracted
Family: lumma
C2: https://goddirtybrilliancece.fun/api
Signatures

Processes

- C:\Users\Admin\AppData\Local\Temp\SoftWare.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\SoftWare.exe"
  PID: 1784
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 1108
    Signature: Program crash
    PID: 4948
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 1108
    Signature: Program crash
    PID: 4016
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1784 -ip 1784
  PID: 5060
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1784 -ip 1784
  PID: 4360
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1784 -ip 1784
  PID: 2624