Analysis
max time kernel: 147s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29-02-2024 08:35

Static task: static1
1 signatures

Behavioral task: behavioral1
Sample: HEUR-Trojan.Win32.Zenpak.exe
Resource: win7-20240220-en
0 signatures
150 seconds
General
Target: HEUR-Trojan.Win32.Zenpak.exe
Size: 333KB
MD5: cf4ff205a66aeb5f6b1bba22ebe5f1b2
SHA1: 4be5c3ba15e213352de1904f3982a70af5424bae
SHA256: 83e695764d14ce6f033fae9cccd702951407b1ecd4d15defdd5dd9d9d80342ce
SHA512: 11fb3dba341839220ae4c7c4ac6d3b54be667309b9090ed0b79750130cbf3aec4b50cf22dbd1eb77d2a6c73d852ff43b8aa2425c67ddada594a93f3bfad2aaa6
SSDEEP: 6144:1d/9aJFE3xGbcQFtTUbhUyXTLsbRreJHB2LPC7z1://MMhAFpghUcAre/v
Malware Config
Extracted
Family: lumma
C2:
https://vatleaflettrusteeooj.shop/api
https://turkeyunlikelyofw.shop/api
https://associationokeo.shop/api
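The C2 list above comes from config extraction, not from observed traffic: the behavioral run below records only the sample crashing under WerFault, so these hosts were never contacted in the sandbox and still have to be hunted for in your own telemetry. The following script is an added example, not part of the sandbox report or of any vendor tooling. It takes the three Lumma C2 URLs and the sample hashes from this page as IOCs and runs them over constructed proxy log lines and EDR file-write events (both formats are assumptions for illustration). Host matching is exact-or-subdomain rather than substring, so a look-alike such as notassociationokeo.shop does not produce a false hit, and hash comparison is case-insensitive because EDR products disagree on hex case.

```python
"""Hunt for the IOCs extracted in this report (Lumma C2 hosts and the sample's
hashes) in proxy and EDR telemetry. Added example, not part of the sandbox
report; the log and event formats below are constructed for illustration."""
import re
from urllib.parse import urlsplit

# C2 URLs and file hashes copied from the report above.
C2_URLS = [
    "https://vatleaflettrusteeooj.shop/api",
    "https://turkeyunlikelyofw.shop/api",
    "https://associationokeo.shop/api",
]
SAMPLE_HASHES = {
    "md5": "cf4ff205a66aeb5f6b1bba22ebe5f1b2",
    "sha1": "4be5c3ba15e213352de1904f3982a70af5424bae",
    "sha256": "83e695764d14ce6f033fae9cccd702951407b1ecd4d15defdd5dd9d9d80342ce",
}


def c2_hosts(urls):
    """Reduce the C2 URLs to lowercase hostnames. Scheme and path (/api) are the
    least durable part of a C2 URL, so the hunt keys on the domain only."""
    return {urlsplit(u).hostname.lower() for u in urls}


def host_matches(host, bad_hosts):
    """Exact or subdomain match only: 'cdn.turkeyunlikelyofw.shop' hits,
    'notassociationokeo.shop' does not (a plain substring check would)."""
    host = host.lower().rstrip(".")
    return any(host == b or host.endswith("." + b) for b in bad_hosts)


# Assumed (constructed) proxy log line format: "<ts> <src_ip> <method> <url> <status>"
PROXY_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def scan_proxy_log(lines, urls=C2_URLS):
    """Return one hit dict per proxy line whose destination host is a C2 host."""
    bad = c2_hosts(urls)
    hits = []
    for line in lines:
        m = PROXY_RE.match(line.strip())
        if not m:  # unparseable lines are skipped, not treated as hits
            continue
        url = m["url"]
        # urlsplit needs a scheme to populate hostname; retry with '//' for bare hosts
        host = urlsplit(url).hostname or urlsplit("//" + url).hostname
        if host and host_matches(host, bad):
            hits.append({"ts": m["ts"], "src": m["src"], "host": host.lower(), "url": url})
    return hits


def scan_file_events(events, hashes=SAMPLE_HASHES):
    """events: dicts with 'host', 'path' and any of md5/sha1/sha256 (constructed
    EDR file-write events). Reports which hash types matched the sample."""
    wanted = {k: v.lower() for k, v in hashes.items()}
    hits = []
    for ev in events:
        matched = [k for k in wanted if ev.get(k, "").lower() == wanted[k]]
        if matched:
            hits.append({"host": ev["host"], "path": ev["path"], "matched": matched})
    return hits


# Constructed sample telemetry (not real logs).
PROXY_SAMPLE = [
    "2024-02-29T08:40:12Z 10.0.5.23 POST https://vatleaflettrusteeooj.shop/api 200",
    "2024-02-29T08:40:13Z 10.0.5.23 GET https://www.microsoft.com/ 200",
    "2024-02-29T08:41:02Z 10.0.5.31 POST https://cdn.turkeyunlikelyofw.shop:443/api 404",
    "2024-02-29T08:41:30Z 10.0.5.40 GET https://notassociationokeo.shop/ 200",
    "garbage line that does not parse",
]
FILE_EVENTS = [
    {"host": "WS-0231",
     "path": r"C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan.Win32.Zenpak.exe",
     "sha256": "83E695764D14CE6F033FAE9CCCD702951407B1ECD4D15DEFDD5DD9D9D80342CE"},
    {"host": "WS-0418",
     "path": r"C:\Users\Admin\Downloads\setup.exe",
     "md5": "d41d8cd98f00b204e9800998ecf8427e"},
]

if __name__ == "__main__":
    for hit in scan_proxy_log(PROXY_SAMPLE):
        print("C2 contact:", hit)
    for hit in scan_file_events(FILE_EVENTS):
        print("sample on disk:", hit)
```

Run against the constructed data it reports two C2 contacts (the exact host and the cdn. subdomain with an explicit port) and one file hit matched on sha256 despite the uppercase hex in the event; the look-alike domain and the unparseable line produce nothing.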
Signatures
Processes (depth shown by indentation; each WerFault invocation is a crash handler for PID 4988, the sample)
C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan.Win32.Zenpak.exe (PID 4988)
  command line: "C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan.Win32.Zenpak.exe"
    C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 1136 (PID 4728) - Program crash
    C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 1228 (PID 732) - Program crash
    C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 1240 (PID 3380) - Program crash
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 4988 -ip 4988 (PID 4152)
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4988 -ip 4988 (PID 1744)
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4988 -ip 4988 (PID 560)