Overview

overview

10

Static

static

3

lnjector.exe

windows7-x64

3

lnjector.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    38s
  • max time network
    39s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-02-2024 23:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    lnjector.exe

  • Size

    146.9MB

  • MD5

    dafbb6d70ba2780bdc0c83ff7e5b4ad5

  • SHA1

    35038e11db04eb355ae0ded47aa080757a590820

  • SHA256

    08329d73b4f63b765278316cd979171012b4426ff75527da61b1443263b487bf

  • SHA512

    9de7bfa5dfc6d64b813e8af9667612493f3fe3dea35c42d32ce833ab31015fedfa04635d8852be0e63a84846e034066fec13148072c0369992e570af9c54c529

  • SSDEEP

    12288:Qd7i4jrv149y+q3eUn8N7unsFy0QB1Avt7G3c/pFj2TXHgCl2:+ru4TGYHA

Score
10/10
lummastealer

Malware Config

Extracted

Family

lumma

C2

https://assumptionflattyou.shop/api

https://technologyenterdo.shop/api

https://detectordiscusser.shop/api

https://turkeyunlikelyofw.shop/api

https://associationokeo.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 34 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 60 IoCs
  • Suspicious use of SendNotifyMessage 60 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\lnjector.exe
    "C:\Users\Admin\AppData\Local\Temp\lnjector.exe"
    1⤵
      PID:1712
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:924

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/924-14-0x0000023A03250000-0x0000023A03251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/924-16-0x0000023A03250000-0x0000023A03251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/924-3-0x0000023A03250000-0x0000023A03251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/924-1-0x0000023A03250000-0x0000023A03251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/924-19-0x0000023A03250000-0x0000023A03251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/924-13-0x0000023A03250000-0x0000023A03251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/924-18-0x0000023A03250000-0x0000023A03251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/924-0-0x0000023A03250000-0x0000023A03251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/924-15-0x0000023A03250000-0x0000023A03251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/924-17-0x0000023A03250000-0x0000023A03251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1712-9-0x0000000000C70000-0x0000000000C71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1712-2-0x0000000000AD0000-0x0000000000B19000-memory.dmp

      Filesize

      292KB

      Download

    • memory/1712-8-0x0000000000C70000-0x0000000000C71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1712-20-0x0000000000AD0000-0x0000000000B19000-memory.dmp

      Filesize

      292KB

      Download