Analysis

  • max time kernel
    147s
  • max time network
    112s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27-02-2024 13:33

General

  • Target

    a948976eded517477a4f71a15578a9e1.exe

  • Size

    104KB

  • MD5

    a948976eded517477a4f71a15578a9e1

  • SHA1

    3762de142aae4044829461ed186a9b397e668d1f

  • SHA256

    73dea3ec1437dd358cc7c48d80bcd41001c79bf344a3039908159a9bed5d8583

  • SHA512

    f935453f15ba296b47be1c273f97512eefb61659065442024db92c864d2edfe281b252fb91c8e39111dab26d10747c821285799e11e38c11a835d28d8ec5117f

  • SSDEEP

    1536:SXpTCaBA4oCe7TX454bdgunpIr/5OlJ8bBjXO1IK3hrDNljWLVI/S:WpTSZhgB5OlJ8bBK1IChrDNl

Score
10/10

Signatures

  • Detect Lumma Stealer payload V4 (1 IoC)
  • Lumma Stealer

    An infostealer written in C++, first seen in August 2022.

  • Executes dropped EXE (1 IoC)
  • Drops file in System32 directory (28 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\a948976eded517477a4f71a15578a9e1.exe
    "C:\Users\Admin\AppData\Local\Temp\a948976eded517477a4f71a15578a9e1.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:3280
    • C:\Windows\SysWOW64\lass.exe
      C:\Windows\system32\lass.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      PID:4164

Note on the child path: the command line names C:\Windows\system32\lass.exe but the image that ran is C:\Windows\SysWOW64\lass.exe. That is WoW64 file-system redirection: a 32-bit process that writes to or launches from %windir%\system32 is transparently redirected to %windir%\SysWOW64, so the "Drops file in System32 directory" signature fires on the redirected location. When hunting for this drop on a host, check SysWOW64, not only system32.

Downloads

  • C:\Windows\SysWOW64\lass.exe

    The dropped file carries the same size and MD5/SHA1/SHA256/SHA512 as the submitted sample, so lass.exe is a byte-for-byte copy of the original executable rather than a second-stage payload.

    Filesize

    104KB

    MD5

    a948976eded517477a4f71a15578a9e1

    SHA1

    3762de142aae4044829461ed186a9b397e668d1f

    SHA256

    73dea3ec1437dd358cc7c48d80bcd41001c79bf344a3039908159a9bed5d8583

    SHA512

    f935453f15ba296b47be1c273f97512eefb61659065442024db92c864d2edfe281b252fb91c8e39111dab26d10747c821285799e11e38c11a835d28d8ec5117f
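As an added example that is not part of this sandbox report or of the sample it describes, the Python below turns the report into a triage check: it matches computed file hashes against the IoC digests listed above, and it flags the drop-and-execute pattern visible in the process tree (a child whose hash equals its parent's, launched from a Windows system directory, with a system32 command line but a SysWOW64 image, which marks WoW64 redirection). The two process records are transcribed from the report and labelled as constructed input; the function names and the `Proc` record are my own, and the system32/SysWOW64 redirection rule is standard Windows behaviour, not something the report states.

```python
"""Added triage helpers for the report above: match file hashes against the
listed IoCs and flag the drop-and-execute pattern in the process tree.
Sample data below is transcribed from the report; nothing is fetched."""
from __future__ import annotations

import hashlib
import ntpath
from dataclasses import dataclass
from typing import Optional

# Digests listed in the report for both the submitted sample and the dropped lass.exe.
IOC_HASHES = {
    "md5": "a948976eded517477a4f71a15578a9e1",
    "sha1": "3762de142aae4044829461ed186a9b397e668d1f",
    "sha256": "73dea3ec1437dd358cc7c48d80bcd41001c79bf344a3039908159a9bed5d8583",
}

# Directory pair involved in WoW64 file-system redirection (normalised, lower-case).
SYSTEM32 = r"c:\windows\system32"
SYSWOW64 = r"c:\windows\syswow64"


def hash_bytes(data: bytes) -> dict[str, str]:
    """MD5/SHA1/SHA256 of a byte string, keyed like IOC_HASHES."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}


def hash_file(path: str) -> dict[str, str]:
    """Same digests for a file on disk, streamed in 1 MiB chunks."""
    hashers = {algo: hashlib.new(algo) for algo in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def matches_ioc(hashes: dict[str, str]) -> list[str]:
    """Names of the algorithms whose digest equals the report's IoC value."""
    return sorted(algo for algo, digest in hashes.items()
                  if IOC_HASHES.get(algo) == digest.lower())


def exe_from_cmdline(cmdline: str) -> str:
    """First token of a Windows command line, honouring a quoted image path."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        return cmdline[1:end] if end != -1 else cmdline[1:]
    return cmdline.split()[0]


def wow64_redirected(cmdline_path: str, image_path: str) -> bool:
    """True when the command line names %windir%\\system32\\X but the image that
    actually ran is %windir%\\SysWOW64\\X: a 32-bit process hit WoW64 redirection."""
    c_dir, c_name = ntpath.split(ntpath.normcase(cmdline_path))
    i_dir, i_name = ntpath.split(ntpath.normcase(image_path))
    return c_name == i_name and c_dir == SYSTEM32 and i_dir == SYSWOW64


@dataclass
class Proc:
    pid: int
    image: str                 # executable actually loaded, as the sandbox saw it
    cmdline: str               # command line as recorded
    sha256: str
    parent_pid: Optional[int] = None


def flag_process_tree(procs: list[Proc]) -> dict[int, list[str]]:
    """Per-PID findings for the 'copy self into a system directory and run it' pattern."""
    by_pid = {p.pid: p for p in procs}
    findings: dict[int, list[str]] = {}
    for p in procs:
        notes = []
        if matches_ioc({"sha256": p.sha256}):
            notes.append("image hash matches Lumma Stealer IoC")
        parent = by_pid.get(p.parent_pid)
        if parent is not None:
            img_dir = ntpath.dirname(ntpath.normcase(p.image))
            if img_dir in (SYSTEM32, SYSWOW64) and p.sha256.lower() == parent.sha256.lower():
                notes.append(f"self-copy executed from a Windows system directory by PID {parent.pid}")
            if wow64_redirected(exe_from_cmdline(p.cmdline), p.image):
                notes.append("WoW64 redirection: command line names system32, image is SysWOW64")
        if notes:
            findings[p.pid] = notes
    return findings


# Process tree transcribed from the report (constructed input for this example).
REPORT_TREE = [
    Proc(3280,
         r"C:\Users\Admin\AppData\Local\Temp\a948976eded517477a4f71a15578a9e1.exe",
         r'"C:\Users\Admin\AppData\Local\Temp\a948976eded517477a4f71a15578a9e1.exe"',
         IOC_HASHES["sha256"]),
    Proc(4164, r"C:\Windows\SysWOW64\lass.exe", r"C:\Windows\system32\lass.exe",
         IOC_HASHES["sha256"], parent_pid=3280),
]

if __name__ == "__main__":
    for pid, notes in flag_process_tree(REPORT_TREE).items():
        print(pid, *notes, sep="\n  ")
```

On a live host, feed `hash_file(r"C:\Windows\SysWOW64\lass.exe")` to `matches_ioc`; any non-empty result is a hit on this exact sample, while an empty result only rules out this build, since Lumma is repacked frequently and the behavioural checks in `flag_process_tree` travel better than the digests.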