Analysis
max time kernel: 146s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15/01/2024, 04:08
Static task: static1
1 signatures
Behavioral task: behavioral1
Sample: 5c17dd7c936d69c34b6a35aa525221601d58e8c65c44b4d3fa2bbb140c5bde94.exe
Resource: win7-20231215-en
0 signatures
150 seconds
General
Target: 5c17dd7c936d69c34b6a35aa525221601d58e8c65c44b4d3fa2bbb140c5bde94.exe
Size: 572KB
MD5: 520ba6bb5a6774667921aa17521a9d68
SHA1: 43a8ee93282d9ba78eac8aa85184b60aaf28c5a8
SHA256: 5c17dd7c936d69c34b6a35aa525221601d58e8c65c44b4d3fa2bbb140c5bde94
SHA512: 36a99f2d5ecfde1657f08c1b733290653d8d864e1e5b718b27831c95ef667779c753e6666e8b786fa8a0b24dbb3d5d4d2026680e6c249eeba7d2937aec52aad3
SSDEEP: 12288:x2KtHwU0K4lvRr26k0BdSgp1IrOEMln7CRRsoDNelak95lx:gKtHwU0h/rBdfuOEY7avDslak95l
Malware Config
Extracted
Family: lumma
C2: https://goddirtybrilliancece.fun/api
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\5c17dd7c936d69c34b6a35aa525221601d58e8c65c44b4d3fa2bbb140c5bde94.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\5c17dd7c936d69c34b6a35aa525221601d58e8c65c44b4d3fa2bbb140c5bde94.exe"
  PID: 3436
  C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 1076
    Program crash
    PID: 1136
C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 3436 -ip 3436
  PID: 6064