Analysis

  • max time kernel
    76s
  • max time network
    193s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win10-20240221-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    22-02-2024 04:50

General

  • Target

    a6b59e0a275b5314935a3f812a5ba7dd5d5cc9524d3a6efdeb3a103eea386f6d.exe

  • Size

    5.6MB

  • MD5

    479342d62078aaf31881972c7574f6f2

  • SHA1

    382fa9a95746ca6199e7dfb9ae2bd035f4000fb4

  • SHA256

    a6b59e0a275b5314935a3f812a5ba7dd5d5cc9524d3a6efdeb3a103eea386f6d

  • SHA512

    0e74e3e0b993968220e712ffd94a76c00d35f0452494d62b3f6780c80cc0cae2e9982978830c54bed3a57d17a5a84abbdc4c0cbb5961afcae785048ac4ac47da

  • SSDEEP

    98304:VtiVJmQPallXIjrii0nu3m2RwJhsyJExbHMLex0ATwhdgY4m9g7iVyfiC1ql0u7C:+nmEalSMnuJwJhsyCxbtOATwXvwFiCau

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://resergvearyinitiani.shop/api

https://technologyenterdo.shop/api

https://detectordiscusser.shop/api

https://turkeyunlikelyofw.shop/api

https://associationokeo.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

  • Suspicious behavior: EnumeratesProcesses (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\a6b59e0a275b5314935a3f812a5ba7dd5d5cc9524d3a6efdeb3a103eea386f6d.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\a6b59e0a275b5314935a3f812a5ba7dd5d5cc9524d3a6efdeb3a103eea386f6d.exe"
    PID: 2224
    • Suspicious behavior: EnumeratesProcesses

Network

MITRE ATT&CK Matrix

Downloads

  Dump                                                              Filesize
  memory/2224-0-0x0000000001180000-0x0000000001C57000-memory.dmp    10.8MB
  memory/2224-5-0x0000000000370000-0x0000000000371000-memory.dmp    4KB
  memory/2224-7-0x0000000000390000-0x0000000000391000-memory.dmp    4KB
  memory/2224-6-0x0000000000380000-0x0000000000381000-memory.dmp    4KB
  memory/2224-9-0x0000000000E60000-0x0000000000E61000-memory.dmp    4KB
  memory/2224-10-0x0000000000E70000-0x0000000000E71000-memory.dmp   4KB
  memory/2224-8-0x0000000001180000-0x0000000001C57000-memory.dmp    10.8MB
  memory/2224-11-0x0000000000E80000-0x0000000000E81000-memory.dmp   4KB
  memory/2224-12-0x0000000000E90000-0x0000000000E91000-memory.dmp   4KB
  memory/2224-13-0x0000000000EA0000-0x0000000000EA1000-memory.dmp   4KB
  memory/2224-14-0x0000000000EB0000-0x0000000000EB1000-memory.dmp   4KB
  memory/2224-15-0x0000000000EC0000-0x0000000000EC1000-memory.dmp   4KB
  memory/2224-16-0x0000000000ED0000-0x0000000000ED1000-memory.dmp   4KB
  memory/2224-18-0x0000000000F00000-0x0000000000F01000-memory.dmp   4KB
  memory/2224-17-0x0000000000EE0000-0x0000000000EE1000-memory.dmp   4KB
  memory/2224-19-0x0000000000F10000-0x0000000000F11000-memory.dmp   4KB
  memory/2224-20-0x0000000000F20000-0x0000000000F21000-memory.dmp   4KB
  memory/2224-21-0x0000000000F30000-0x0000000000F31000-memory.dmp   4KB
  memory/2224-22-0x0000000000F40000-0x0000000000F41000-memory.dmp   4KB
  memory/2224-24-0x0000000001180000-0x0000000001C57000-memory.dmp   10.8MB
  memory/2224-25-0x0000000000F50000-0x0000000001050000-memory.dmp   1024KB
  memory/2224-26-0x0000000000740000-0x0000000000780000-memory.dmp   256KB
  memory/2224-27-0x0000000000740000-0x0000000000780000-memory.dmp   256KB
  memory/2224-28-0x0000000000740000-0x0000000000780000-memory.dmp   256KB
  memory/2224-29-0x0000000000740000-0x0000000000780000-memory.dmp   256KB
  memory/2224-30-0x0000000001180000-0x0000000001C57000-memory.dmp   10.8MB