Analysis Overview
SHA256
fffabf2e484ecea856812eb5a28ef557fc2b80ffa0af06bcb9ed8c1707c1396e
Threat Level: Known bad
The file 7fcc1dc3ce97bee84af0aa37369f1da1.bin was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Program crash
Unsigned PE
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-01-15 03:09
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-15 03:09
Reported
2024-01-15 03:12
Platform
win7-20231129-en
Max time kernel
120s
Max time network
120s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\cef6ac9db0b924e1099909d7b640152cec535e8b1ac050fa0083609ee6d59d5e.exe
"C:\Users\Admin\AppData\Local\Temp\cef6ac9db0b924e1099909d7b640152cec535e8b1ac050fa0083609ee6d59d5e.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-01-15 03:09
Reported
2024-01-15 03:12
Platform
win10v2004-20231215-en
Max time kernel
91s
Max time network
150s
Command Line
Signatures
Lumma Stealer
Program crash
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\cef6ac9db0b924e1099909d7b640152cec535e8b1ac050fa0083609ee6d59d5e.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\cef6ac9db0b924e1099909d7b640152cec535e8b1ac050fa0083609ee6d59d5e.exe
"C:\Users\Admin\AppData\Local\Temp\cef6ac9db0b924e1099909d7b640152cec535e8b1ac050fa0083609ee6d59d5e.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3024 -ip 3024
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 1092
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | copyexpertisesausewaverw.site | udp |
| US | 104.21.67.126:443 | copyexpertisesausewaverw.site | tcp |
| US | 8.8.8.8:53 | 126.67.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | goddirtybrilliancece.fun | udp |
| US | 104.21.85.88:443 | goddirtybrilliancece.fun | tcp |
| US | 8.8.8.8:53 | 114.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.85.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
Files
memory/3024-0-0x0000000000D50000-0x0000000000D51000-memory.dmp
memory/3024-1-0x0000000000D50000-0x0000000000D51000-memory.dmp
memory/3024-2-0x0000000000D50000-0x0000000000D51000-memory.dmp