Resubmissions

27-02-2024 14:23

240227-rqdq3sbb35 10

27-02-2024 14:20

240227-rnqymabe9t 10

Analysis

  • max time kernel
    147s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27-02-2024 14:20

General

  • Target

    Temp-Spoofer-LifeTime-main/Loader.exe

  • Size

    412KB

  • MD5

    ca63e74104cfd7ee90019875c0cffe6b

  • SHA1

    44660ef376819e6a0d275885913e3d4f2a7e3f97

  • SHA256

    868f78eac76904c7c8286243061396fa05a9c6c3cc4315f7a7848a358916ee29

  • SHA512

    ca43d646d8f354977fd6a8745622b00098afce08760e850f4865b106407202a36a837683f0cab4c3b4b877f45c36036c9a835f4f40d32bc5881c17a7e016d715

  • SSDEEP

    6144:62X+joLNTy6Yqj2ErwTt3ISmebEeHSTL0pq6vZ4retBHNU3ZkX7rQ:R+kLNhqErwFISmeyUvZ46nm3ZqQ

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://turkeyunlikelyofw.shop/api

https://associationokeo.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Temp-Spoofer-LifeTime-main\Loader.exe
    "C:\Users\Admin\AppData\Local\Temp\Temp-Spoofer-LifeTime-main\Loader.exe"
    1⤵
      PID:3744
    • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\These.docx" /o ""
      1⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:1232
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:4848

Network

MITRE ATT&CK Enterprise v15

Downloads

      • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

        Filesize

        202B

        MD5

        4566d1d70073cd75fe35acb78ff9d082

        SHA1

        f602ecc057a3c19aa07671b34b4fdd662aa033cc

        SHA256

        fe33f57205e2ebb981c4744d5a4ddc231f587a9a0589e6565c52e1051eadb0c0

        SHA512

        b9584ebfdd25cc588162dd6525a399c72ac03bf0c61709b96a19feba7217d840ae2c60d7b0d3b43307a2776f497a388e79ef8a646c12ae59a7f5cc4789bbf3c8

      • memory/1232-20-0x00007FFF7DE70000-0x00007FFF7E065000-memory.dmp

        Filesize

        2.0MB

      • memory/1232-12-0x00007FFF3DEF0000-0x00007FFF3DF00000-memory.dmp

        Filesize

        64KB

      • memory/1232-69-0x00007FFF7DE70000-0x00007FFF7E065000-memory.dmp

        Filesize

        2.0MB

      • memory/1232-68-0x00007FFF7DE70000-0x00007FFF7E065000-memory.dmp

        Filesize

        2.0MB

      • memory/1232-21-0x00007FFF7DE70000-0x00007FFF7E065000-memory.dmp

        Filesize

        2.0MB

      • memory/1232-10-0x00007FFF3DEF0000-0x00007FFF3DF00000-memory.dmp

        Filesize

        64KB

      • memory/1232-11-0x00007FFF3DEF0000-0x00007FFF3DF00000-memory.dmp

        Filesize

        64KB

      • memory/1232-22-0x00007FFF7DE70000-0x00007FFF7E065000-memory.dmp

        Filesize

        2.0MB

      • memory/1232-13-0x00007FFF7DE70000-0x00007FFF7E065000-memory.dmp

        Filesize

        2.0MB

      • memory/1232-24-0x00007FFF7DE70000-0x00007FFF7E065000-memory.dmp

        Filesize

        2.0MB

      • memory/1232-16-0x00007FFF3DEF0000-0x00007FFF3DF00000-memory.dmp

        Filesize

        64KB

      • memory/1232-15-0x00007FFF7DE70000-0x00007FFF7E065000-memory.dmp

        Filesize

        2.0MB

      • memory/1232-17-0x00007FFF7DE70000-0x00007FFF7E065000-memory.dmp

        Filesize

        2.0MB

      • memory/1232-18-0x00007FFF7DE70000-0x00007FFF7E065000-memory.dmp

        Filesize

        2.0MB

      • memory/1232-19-0x00007FFF7DE70000-0x00007FFF7E065000-memory.dmp

        Filesize

        2.0MB

      • memory/1232-65-0x00007FFF3DEF0000-0x00007FFF3DF00000-memory.dmp

        Filesize

        64KB

      • memory/1232-66-0x00007FFF3DEF0000-0x00007FFF3DF00000-memory.dmp

        Filesize

        64KB

      • memory/1232-67-0x00007FFF7DE70000-0x00007FFF7E065000-memory.dmp

        Filesize

        2.0MB

      • memory/1232-14-0x00007FFF3DEF0000-0x00007FFF3DF00000-memory.dmp

        Filesize

        64KB

      • memory/1232-25-0x00007FFF7DE70000-0x00007FFF7E065000-memory.dmp

        Filesize

        2.0MB

      • memory/1232-23-0x00007FFF3BE90000-0x00007FFF3BEA0000-memory.dmp

        Filesize

        64KB

      • memory/1232-26-0x00007FFF7DE70000-0x00007FFF7E065000-memory.dmp

        Filesize

        2.0MB

      • memory/1232-27-0x00007FFF7DE70000-0x00007FFF7E065000-memory.dmp

        Filesize

        2.0MB

      • memory/1232-28-0x00007FFF7DE70000-0x00007FFF7E065000-memory.dmp

        Filesize

        2.0MB

      • memory/1232-29-0x00007FFF7DE70000-0x00007FFF7E065000-memory.dmp

        Filesize

        2.0MB

      • memory/1232-30-0x00007FFF3BE90000-0x00007FFF3BEA0000-memory.dmp

        Filesize

        64KB

      • memory/1232-64-0x00007FFF3DEF0000-0x00007FFF3DF00000-memory.dmp

        Filesize

        64KB

      • memory/1232-63-0x00007FFF3DEF0000-0x00007FFF3DF00000-memory.dmp

        Filesize

        64KB

      • memory/3744-5-0x0000000002D80000-0x0000000002D81000-memory.dmp

        Filesize

        4KB

      • memory/3744-6-0x0000000002BD0000-0x0000000002BD1000-memory.dmp

        Filesize

        4KB

      • memory/3744-9-0x0000000002A80000-0x0000000002AC6000-memory.dmp

        Filesize

        280KB

      • memory/3744-0-0x0000000002A80000-0x0000000002AC6000-memory.dmp

        Filesize

        280KB

      • memory/3744-8-0x0000000002BD0000-0x0000000002BD1000-memory.dmp

        Filesize

        4KB

      • memory/3744-7-0x0000000002BD0000-0x0000000002BD1000-memory.dmp

        Filesize

        4KB