Analysis
Max time kernel: 142s
Max time network: 150s
Platform: windows10-2004_x64
Resource: win10v2004-20231215-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 15/01/2024, 03:48
Static task: static1 (2 signatures)
Behavioral task: behavioral1
  Sample: a2195e33f9d07b54de351fbb9c706c11f1b49f08a4d6c380d40081539a43a5bb.exe
  Resource: win7-20231215-en
  0 signatures, 150 seconds
General
Target: a2195e33f9d07b54de351fbb9c706c11f1b49f08a4d6c380d40081539a43a5bb.exe
Size: 585KB
MD5: 43d5a90d51cb54496209f33d444de007
SHA1: ccfa851b610f67c0d7218f4b7093cc7e59283456
SHA256: a2195e33f9d07b54de351fbb9c706c11f1b49f08a4d6c380d40081539a43a5bb
SHA512: 88a5b6e32c6674c42a5931b5061ebe3a27a6f880eb0444e7e61bab592808adf3797a92d04cba786f53e89333745e21e1fe2d13ac2396a28725cb330d0d92d882
SSDEEP: 12288:xMLjyr2TZ9l1V7qArW36xjKUyNBWdG6sQDu9Rm5Rg/LIqG2VB6:xYjbNL1oeqkG8u9lpBz
Malware Config
Extracted
Family: lumma
C2: https://goddirtybrilliancece.fun/api
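The indicators in this report (the extracted Lumma C2 URL and the file hashes) are what a SOC would turn into a hunt. The script below is an added example, not part of the sandbox output, that reduces the C2 URL to a hostname (the /api path can change between campaigns), matches proxy log destinations against it by exact host or subdomain rather than by substring, and hashes a file against the listed digests. The proxy log format and the log lines are constructed for the example; the report supplies only the IOCs.

```python
"""IOC matcher for the indicators in this report (added example, not sandbox output).

Assumptions not taken from the report: the proxy log format
'<timestamp> <src_ip> <method> <url_or_host:port> <status>' and the SAMPLE_LOG
lines are constructed for illustration.
"""
import hashlib
from urllib.parse import urlsplit

# Indicators copied verbatim from the report above.
C2_URLS = {"https://goddirtybrilliancece.fun/api"}
FILE_HASHES = {
    "md5": "43d5a90d51cb54496209f33d444de007",
    "sha1": "ccfa851b610f67c0d7218f4b7093cc7e59283456",
    "sha256": "a2195e33f9d07b54de351fbb9c706c11f1b49f08a4d6c380d40081539a43a5bb",
}


def c2_hosts(urls=C2_URLS):
    """Reduce C2 URLs to lowercase hostnames; hunt on the host, not the full path."""
    return {urlsplit(u).hostname.lower() for u in urls}


def host_matches(host, bad_hosts):
    """True if host equals an indicator or is a subdomain of one.

    Deliberately not a substring test: 'notgoddirtybrilliancece.fun' must not hit.
    A trailing dot (FQDN form) and case differences are normalised away.
    """
    host = host.lower().rstrip(".")
    return any(host == bad or host.endswith("." + bad) for bad in bad_hosts)


def scan_proxy_log(lines, bad_hosts):
    """Return (line_number, host) for every log line whose destination matches an IOC.

    CONNECT lines carry 'host:port' instead of a URL, so they are split on the
    last ':' rather than parsed as a URL.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed or truncated line; skip rather than crash the hunt
        method, target = parts[2], parts[3]
        if method.upper() == "CONNECT":
            host = target.rsplit(":", 1)[0]
        else:
            host = urlsplit(target).hostname
        if host and host_matches(host, bad_hosts):
            hits.append((n, host.lower()))
    return hits


def file_hash_hits(data, iocs=FILE_HASHES):
    """Hash a file's bytes with every algorithm in the IOC set; return the ones that match."""
    return [alg for alg, digest in iocs.items()
            if hashlib.new(alg, data).hexdigest() == digest.lower()]


# Constructed proxy log for the example (not from the report).
SAMPLE_LOG = [
    "2024-01-15T03:50:01Z 10.0.0.15 GET https://www.example.com/index.html 200",
    "2024-01-15T03:50:07Z 10.0.0.15 POST https://goddirtybrilliancece.fun/api 200",
    "2024-01-15T03:50:09Z 10.0.0.15 CONNECT goddirtybrilliancece.fun:443 200",
    "2024-01-15T03:50:12Z 10.0.0.15 GET https://notgoddirtybrilliancece.fun/api 200",
    "2024-01-15T03:50:15Z 10.0.0.15 GET https://cdn.goddirtybrilliancece.fun/x 404",
]


if __name__ == "__main__":
    for line_no, host in scan_proxy_log(SAMPLE_LOG, c2_hosts()):
        print(f"C2 hit on line {line_no}: {host}")
    # Hash any local file against the report's digests, e.g. a quarantined binary.
    print("hash matches for a dummy buffer:", file_hash_hits(b"not the sample"))
```

Lines 2, 3 and 5 of the constructed log hit (POST to the C2, a CONNECT to its host, and a subdomain); line 4 does not, because the lookalike host is not a subdomain of the indicator.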
Signatures
Processes
- C:\Users\Admin\AppData\Local\Temp\a2195e33f9d07b54de351fbb9c706c11f1b49f08a4d6c380d40081539a43a5bb.exe
  "C:\Users\Admin\AppData\Local\Temp\a2195e33f9d07b54de351fbb9c706c11f1b49f08a4d6c380d40081539a43a5bb.exe" (PID 3004)
  - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 1084 (PID 788) [Program crash]
  - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 672 (PID 3096) [Program crash]
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 3004 -ip 3004 (PID 3480)
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3004 -ip 3004 (PID 1704)