Analysis

max time kernel: 143s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240221-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-02-2024 22:48

Static task: static1
Behavioral task: behavioral1
Sample: 1nstaller.exe
Resource: win7-20240221-en
8 signatures
150 seconds
General

Target: 1nstaller.exe
Size: 306KB
MD5: b07e22aaa52b91ee83104aa01ff4e917
SHA1: a0ec67be3798a2635dbfe068c2ac64bf64945419
SHA256: a32091f0369a7cf43e1d12cb0bbaf4263d6aeff67331046e507ca16f85b470f1
SHA512: e430cc080743e1240707ef92cf867daf66aec5f73429176ea88dc091919a4019c2815d63023b48902d4c98950e1b4019831e68b70bd72376967d40f31b8294a6
SSDEEP: 6144:IfGcMPCUXAxodysIxTbj3W//hkk/Gmoy0DSROwOfUzGXgmNxI:zceXAokbjiumobDTJfPbA
Malware Config (extracted)

Family: lumma
C2:
https://technologyenterdo.shop/api
https://detectordiscusser.shop/api
https://turkeyunlikelyofw.shop/api
https://associationokeo.shop/api
Signatures

Suspicious use of SetThreadContext (1 IoC)
Processes:
  description                           pid   process        target process
  PID 2268 set thread context of 1476   2268  1nstaller.exe  RegAsm.exe

Suspicious use of WriteProcessMemory (9 IoCs)
Processes (9 identical entries):
  description                           pid   process        target process
  PID 2268 wrote to memory of 1476      2268  1nstaller.exe  RegAsm.exe
Processes

C:\Users\Admin\AppData\Local\Temp\1nstaller.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\1nstaller.exe"
  PID: 2268
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  child process:
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      PID: 1476