lumma | 6a103e31e7c1990a5f21e6ad483805b01fdbabe9fd9454f42aab0eda9b5d67cf

Analysis

max time kernel
142s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2024, 16:20

Target

file.exe
Size

530KB
MD5

756931963ef47d8261e3090770710355
SHA1

074e49a53dc0dea819a2ce9b487982f0ac114d86
SHA256

6a103e31e7c1990a5f21e6ad483805b01fdbabe9fd9454f42aab0eda9b5d67cf
SHA512

231458212051567f7549a7d24d0d956219e33480fbba3428b2259d571265802aa9b8727998f6c5bf62e30c1ec673619506b5cb9d1220c738af0685be2ec397ce
SSDEEP

12288:6L8s73bmtO4RH1ROUguWO3t0u6ZwevUDRHuGN19v/BQa/muUiq9uxzrwy/ZW+Ln7:6gqDdPofMR/TWOSKY0Emo

Score

10^/10

Family

lumma

https://wisemassiveharmonious.shop/api

https://colorfulequalugliess.shop/api

https://relevantvoicelesskw.shop/api

https://associationokeo.shop/api

Detect ZGRat V1 1 IoCs

resource	yara_rule
behavioral2/memory/532-1-0x0000000000CE0000-0x0000000000D66000-memory.dmp	family_zgrat_v1

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 532 set thread context of 4596	532	file.exe	99

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 532 wrote to memory of 904	532	file.exe	98
PID 532 wrote to memory of 904	532	file.exe	98
PID 532 wrote to memory of 904	532	file.exe	98
PID 532 wrote to memory of 4596	532	file.exe	99
PID 532 wrote to memory of 4596	532	file.exe	99
PID 532 wrote to memory of 4596	532	file.exe	99
PID 532 wrote to memory of 4596	532	file.exe	99
PID 532 wrote to memory of 4596	532	file.exe	99
PID 532 wrote to memory of 4596	532	file.exe	99
PID 532 wrote to memory of 4596	532	file.exe	99
PID 532 wrote to memory of 4596	532	file.exe	99
PID 532 wrote to memory of 4596	532	file.exe	99

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:532
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:904
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:4596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1340 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:8
1⤵
PID:4300

memory/532-11-0x00000000032E0000-0x00000000052E0000-memory.dmp

Filesize
32.0MB

Download
memory/532-1-0x0000000000CE0000-0x0000000000D66000-memory.dmp

Filesize
536KB

Download
memory/532-2-0x0000000003250000-0x0000000003260000-memory.dmp

Filesize
64KB

Download
memory/532-0-0x0000000075210000-0x00000000759C0000-memory.dmp

Filesize
7.7MB

Download
memory/532-18-0x00000000032E0000-0x00000000052E0000-memory.dmp

Filesize
32.0MB

Download
memory/532-10-0x0000000075210000-0x00000000759C0000-memory.dmp

Filesize
7.7MB

Download
memory/4596-5-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download
memory/4596-12-0x0000000000F80000-0x0000000000F81000-memory.dmp

Filesize
4KB

Download
memory/4596-13-0x0000000000F80000-0x0000000000F81000-memory.dmp

Filesize
4KB

Download
memory/4596-14-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download
memory/4596-15-0x0000000000F80000-0x0000000000F81000-memory.dmp

Filesize
4KB

Download
memory/4596-16-0x0000000000F80000-0x0000000000FB2000-memory.dmp

Filesize
200KB

Download
memory/4596-17-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download
memory/4596-8-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download