Analysis

  • max time kernel
    118s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/04/2024, 22:16

General

  • Target

    e88bfe897a31e505cee41a6ff94c9cb4_JaffaCakes118.exe

  • Size

    6.8MB

  • MD5

    e88bfe897a31e505cee41a6ff94c9cb4

  • SHA1

    100e2e9152f0eb2dc001721c4a82aea94d6dff4d

  • SHA256

    d867303049c366cb4ff991dcb70d0b038c2586463979001de2817cb75b2e6b27

  • SHA512

    84e3d25f79296f9b8e376c5f4897dd5f86b82d584b4d17b04816688b1af7fe2c619409ac9947251d1edc7efa79d84c0bbb827ccdac6bc62393b76896e4fd698e

  • SSDEEP

    98304:/t+ebVLdahr+YTRi0TGgU8oxKFK7JIhXa1PSELk/GEAUfZ82ub8GRprbGJ1y1xWo:Rh6hoeK71aELkaUfdOMeXdVlG5Fp+

Score
10/10

Malware Config

Signatures

  • Detect Lumma Stealer payload V4 1 IoCs
  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e88bfe897a31e505cee41a6ff94c9cb4_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e88bfe897a31e505cee41a6ff94c9cb4_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1748
    • C:\Users\Admin\AppData\Local\Temp\e88bfetg42H0V.exe
      "e88bfetg42H0V.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1716

Network


Downloads

  • C:\Users\Admin\AppData\Local\Temp\cfg.ini

    Filesize
    19B

    MD5
    265e071b553c5a497d36ecb30c27510b

    SHA1
    86695eb4a1b9aa1c074de154bdd7d869091c3425

    SHA256
    a757b9bab3dd34f0283567193647931ccae9c5573140475117f5832477b5e187

    SHA512
    5d66c266edf6f3344ffdf6c062c220e57107ab0c35763fa52c976f62792ed1f1689256767d7fe6a1557d57b818eb891f253d7730553ecc0cf741e4213fc3684d

  • \Users\Admin\AppData\Local\Temp\e88bfetg42H0V.exe

    Filesize
    6.8MB

    MD5
    17b136e03289f9e56103e66970fd26aa

    SHA1
    653e165d7531265ce34be6474bd9e215481597c5

    SHA256
    ddd98d22b6ce1ec19b9098bcc21cfbf49cc7f129fec6559d54b7e7b60e81561f

    SHA512
    6d0498b0857e7d40fb228bf172af8cdc0ffb3d85a4d8056bdb50e9b03bac1391186cb7bac317a60776ee02771d0a8be907600d8f53285a9bf7187a9bb80ab83e