Analysis
max time kernel: 143s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20240221-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-02-2024 23:00

Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20240221-en
3 signatures
150 seconds
General
Target: file.exe
Size: 317KB
MD5: 5352e846611bdf4ad7482d7a64445190
SHA1: 5d44de3ee7144a7a3566f362d277c29dee41594f
SHA256: 90cc438e254ee84a0362aaab2d05ca61022c2a9d855651831ea9331bdf4a54f7
SHA512: 120e2e381e0347fb2990d74622f2448dd88d2e27db49d18b79e17fd18604c1096f9adead0f8b5fbf35615a9829da0812dd6919a00473eee38d7227335988b3ea
SSDEEP: 6144:v58T0cNW9wInNW0jIyV16HTqU7ruGr3OUik7/SVYmzK:veIcNWztUqgv7hGk7/Id+
Malware Config
Extracted
Family: lumma
C2:
- https://technologyenterdo.shop/api
- https://detectordiscusser.shop/api
- https://turkeyunlikelyofw.shop/api
- https://associationokeo.shop/api
Signatures
- Suspicious use of SetThreadContext (1 IoC)
  Processes:
  PID 4496 (file.exe) set thread context of PID 1764 (RegAsm.exe)
- Suspicious use of WriteProcessMemory (9 IoCs)
  Processes:
  PID 4496 (file.exe) wrote to memory of PID 1764 (RegAsm.exe) (9 identical entries)
Processes
1. C:\Users\Admin\AppData\Local\Temp\file.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\file.exe"
   PID: 4496
   - Suspicious use of SetThreadContext
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe (child of PID 4496)
      Command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      PID: 1764