Malware Analysis Report

2025-06-15 19:52

Sample ID 240115-dnq2qsgcar
Target 7fcc1dc3ce97bee84af0aa37369f1da1.bin
SHA256 fffabf2e484ecea856812eb5a28ef557fc2b80ffa0af06bcb9ed8c1707c1396e
Tags
lumma stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

fffabf2e484ecea856812eb5a28ef557fc2b80ffa0af06bcb9ed8c1707c1396e

Threat Level: Known bad

The file 7fcc1dc3ce97bee84af0aa37369f1da1.bin was found to be: Known bad.

Malicious Activity Summary

lumma stealer

Lumma Stealer

Program crash

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-01-15 03:09

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-01-15 03:09

Reported

2024-01-15 03:12

Platform

win7-20231129-en

Max time kernel

120s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cef6ac9db0b924e1099909d7b640152cec535e8b1ac050fa0083609ee6d59d5e.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cef6ac9db0b924e1099909d7b640152cec535e8b1ac050fa0083609ee6d59d5e.exe

"C:\Users\Admin\AppData\Local\Temp\cef6ac9db0b924e1099909d7b640152cec535e8b1ac050fa0083609ee6d59d5e.exe"

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-01-15 03:09

Reported

2024-01-15 03:12

Platform

win10v2004-20231215-en

Max time kernel

91s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cef6ac9db0b924e1099909d7b640152cec535e8b1ac050fa0083609ee6d59d5e.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\cef6ac9db0b924e1099909d7b640152cec535e8b1ac050fa0083609ee6d59d5e.exe

"C:\Users\Admin\AppData\Local\Temp\cef6ac9db0b924e1099909d7b640152cec535e8b1ac050fa0083609ee6d59d5e.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3024 -ip 3024

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 1092

Network

Country Destination Domain Proto
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 182.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 82.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 copyexpertisesausewaverw.site udp
US 104.21.67.126:443 copyexpertisesausewaverw.site tcp
US 8.8.8.8:53 126.67.21.104.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 goddirtybrilliancece.fun udp
US 104.21.85.88:443 goddirtybrilliancece.fun tcp
US 8.8.8.8:53 114.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 88.85.21.104.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp

Files

memory/3024-0-0x0000000000D50000-0x0000000000D51000-memory.dmp

memory/3024-1-0x0000000000D50000-0x0000000000D51000-memory.dmp

memory/3024-2-0x0000000000D50000-0x0000000000D51000-memory.dmp