Overview

overview

10

Static

static

3

Installer-...ed.zip

windows7-x64

1

Installer-...ed.zip

windows10-1703-x64

1

Installer-...ed.zip

windows10-2004-x64

1

Installer-...ed.zip

windows11-21h2-x64

1

Installer-...ed.zip

macos-10.15-amd64

1

Installer-...ed.zip

debian-9-armhf

Installer-...ed.zip

debian-9-mips

Installer-...ed.zip

debian-9-mipsel

Installer-...ed.zip

ubuntu-18.04-amd64

0x000a0000...53.exe

windows7-x64

1

0x000a0000...53.exe

windows10-1703-x64

8

0x000a0000...53.exe

windows10-2004-x64

10

0x000a0000...53.exe

windows11-21h2-x64

8

0x000a0000...53.exe

macos-10.15-amd64

1

0x000a0000...53.exe

debian-9-armhf

0x000a0000...53.exe

debian-9-mips

0x000a0000...53.exe

debian-9-mipsel

0x000a0000...53.exe

ubuntu-18.04-amd64

Resubmissions

17-02-2024 23:23

240217-3db79scb75 3

17-02-2024 05:08

240217-fsz7baca54 10

Analysis

  • max time kernel
    89s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-02-2024 05:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0x000a000000023656-53.exe

  • Size

    686.9MB

  • MD5

    3abe8b51f5087787b9c121b10f37108b

  • SHA1

    4cb1fc54dc24f175c744a958e74ff84b5fb16d4e

  • SHA256

    7ba93fe544def71fa435ae70911356845d19d5fcee1df71369aa537fe848c5d5

  • SHA512

    fcee37f1e56aed457f71aa0c54f320e28a308c002d639bcd424389cb464ce18103746b470456f5824b28d079cead670bdcb8d691d8bed864544ffbfe2c75fed4

  • SSDEEP

    1572864:jnhUzyh7u4k9pJmoLKAwhzTICA8VjcDJSx:jnikUDUzPAUj3x

Score
10/10
lummastealer

Malware Config

Extracted

Family

lumma

C2

https://gemcreedarticulateod.shop/api

https://secretionsuitcasenioise.shop/api

https://claimconcessionrebe.shop/api

https://liabilityarrangemenyit.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Blocklisted process makes network request 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 24 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0x000a000000023656-53.exe
    "C:\Users\Admin\AppData\Local\Temp\0x000a000000023656-53.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4748
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"
      2⤵
      • Blocklisted process makes network request
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4800
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        3⤵
          PID:2564
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 1028
            4⤵
            • Program crash
            PID:3020
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2564 -ip 2564
      1⤵
        PID:3668

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_iy13o0uq.4ox.ps1
        Filesize

        60B

        MD5

        d17fe0a3f47be24a6453e9ef58c94641

        SHA1

        6ab83620379fc69f80c0242105ddffd7d98d5d9d

        SHA256

        96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

        SHA512

        5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

        Download Submit

      • memory/2564-46-0x000000000E970000-0x000000000EA06000-memory.dmp

        Filesize

        600KB

        Download

      • memory/2564-44-0x000000000ECB0000-0x000000000ECE2000-memory.dmp

        Filesize

        200KB

        Download

      • memory/2564-41-0x000000000ECB0000-0x000000000ECE2000-memory.dmp

        Filesize

        200KB

        Download

      • memory/2564-43-0x000000000ECB0000-0x000000000ECE2000-memory.dmp

        Filesize

        200KB

        Download

      • memory/2564-42-0x000000000ECB0000-0x000000000ECE2000-memory.dmp

        Filesize

        200KB

        Download

      • memory/2564-40-0x000000000E970000-0x000000000EA06000-memory.dmp

        Filesize

        600KB

        Download

      • memory/4748-9-0x0000000048B60000-0x0000000048BFC000-memory.dmp

        Filesize

        624KB

        Download

      • memory/4748-8-0x0000000030C80000-0x0000000030CE6000-memory.dmp

        Filesize

        408KB

        Download

      • memory/4748-0-0x0000000074B30000-0x00000000752E0000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/4748-10-0x0000000030770000-0x0000000030780000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4748-48-0x0000000074B30000-0x00000000752E0000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/4748-1-0x0000000000E10000-0x0000000001E10000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/4748-2-0x0000000030770000-0x0000000030780000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4748-3-0x0000000030D30000-0x00000000312D4000-memory.dmp

        Filesize

        5.6MB

        Download

      • memory/4748-4-0x0000000030780000-0x0000000030812000-memory.dmp

        Filesize

        584KB

        Download

      • memory/4748-5-0x00000000309D0000-0x0000000030B76000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4748-6-0x0000000030730000-0x000000003073A000-memory.dmp

        Filesize

        40KB

        Download

      • memory/4748-7-0x0000000074B30000-0x00000000752E0000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/4800-30-0x0000000006E20000-0x0000000006E64000-memory.dmp

        Filesize

        272KB

        Download

      • memory/4800-36-0x0000000015AA0000-0x0000000015AC2000-memory.dmp

        Filesize

        136KB

        Download

      • memory/4800-29-0x00000000068E0000-0x000000000692C000-memory.dmp

        Filesize

        304KB

        Download

      • memory/4800-27-0x00000000062A0000-0x00000000065F4000-memory.dmp

        Filesize

        3.3MB

        Download

      • memory/4800-31-0x0000000002F90000-0x0000000002FA0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4800-32-0x0000000007BA0000-0x0000000007C16000-memory.dmp

        Filesize

        472KB

        Download

      • memory/4800-33-0x00000000082A0000-0x000000000891A000-memory.dmp

        Filesize

        6.5MB

        Download

      • memory/4800-34-0x0000000007C40000-0x0000000007C5A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/4800-35-0x0000000007F50000-0x0000000008060000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/4800-28-0x00000000068A0000-0x00000000068BE000-memory.dmp

        Filesize

        120KB

        Download

      • memory/4800-37-0x0000000002F90000-0x0000000002FA0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4800-17-0x00000000061C0000-0x0000000006226000-memory.dmp

        Filesize

        408KB

        Download

      • memory/4800-16-0x00000000059D0000-0x00000000059F2000-memory.dmp

        Filesize

        136KB

        Download

      • memory/4800-15-0x0000000005B20000-0x0000000006148000-memory.dmp

        Filesize

        6.2MB

        Download

      • memory/4800-14-0x0000000002F90000-0x0000000002FA0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4800-13-0x0000000002F90000-0x0000000002FA0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4800-45-0x0000000074B30000-0x00000000752E0000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/4800-12-0x0000000074B30000-0x00000000752E0000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/4800-11-0x0000000002F50000-0x0000000002F86000-memory.dmp

        Filesize

        216KB

        Download