Analysis
-
max time kernel
147s
-
max time network
156s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240226-en
-
resource tags
arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
-
submitted
29-02-2024 09:57
Behavioral task
behavioral1
Sample
8ff3cee3eb06229dd932256e10e67431.exe
Resource
win7-20240221-en
4 signatures
150 seconds
General
-
Target
8ff3cee3eb06229dd932256e10e67431.exe
-
Size
5.5MB
-
MD5
8ff3cee3eb06229dd932256e10e67431
-
SHA1
6e8b5ce52148cccdc9570ff67e059f48c90fccfa
-
SHA256
65d4936f68f29cb7730436fcbf987aa2ee7a5c3a9d2a45f40fd2cb7e37e81640
-
SHA512
72ef16a155df452e912d82474a947a652a2570022bb4a65ad5a124d26b01130790a35d33920cffe7e9db758d5ebc5f39d2b9e8ebd8def69925fa96d94e0c0449
-
SSDEEP
98304:SXtuV2KxgKn2OkNuQXwWDctUcFygm34BnwChAKW44QH:0uVXxgi2vcQgLueAKa
Malware Config
Extracted
Family
lumma
C2
https://unhappytidydryypwto.shop/api
https://technologyenterdo.shop/api
https://detectordiscusser.shop/api
https://turkeyunlikelyofw.shop/api
https://associationokeo.shop/api
Signatures
-
Processes:
resource yara_rule
behavioral2/memory/3080-1-0x0000000000060000-0x0000000000949000-memory.dmp vmprotect
behavioral2/memory/3080-3-0x0000000000060000-0x0000000000949000-memory.dmp vmprotect
behavioral2/memory/3080-9-0x0000000000060000-0x0000000000949000-memory.dmp vmprotect
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
8ff3cee3eb06229dd932256e10e67431.exe
pid Process
3080 8ff3cee3eb06229dd932256e10e67431.exe
3080 8ff3cee3eb06229dd932256e10e67431.exe