lumma | 9b8c538cfaba9cfa4fc75ed96b8846f240d0bf3a7f440609964ad31aaabdcfc8

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17-04-2024 18:10

Target

file.exe
Size

422KB
MD5

804b1a320ca4610b1e44af97fd9c295a
SHA1

5be4e86aa94c00cc0fb69292b71ce2581493b144
SHA256

9b8c538cfaba9cfa4fc75ed96b8846f240d0bf3a7f440609964ad31aaabdcfc8
SHA512

fdd88ccf44b3e0c27c022bd9e936f05cae73a260e408078a18ae9b8995451a8d7bb677d152c79e0e70c41bf66439530b03b707fdad3826c5edfc745452a62b8c
SSDEEP

12288:qy3q/jkZxUcjAWlwTfTLqREbVd09PSVk4po:LqbkZ3ObiRmd00S

Score

10^/10

lumma stealer

Family

lumma

https://entitlementappwo.shop/api

https://economicscreateojsu.shop/api

https://pushjellysingeywus.shop/api

https://absentconvicsjawun.shop/api

https://suitcaseacanehalk.shop/api

https://bordersoarmanusjuw.shop/api

https://mealplayerpreceodsju.shop/api

https://wifeplasterbakewis.shop/api

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Suspicious use of SetThreadContext 1 IoCs

Processes:

file.exe

description pid process target process

PID 3252 set thread context of 2312 3252 file.exe RegAsm.exe

description	pid	process	target process
PID 3252 set thread context of 2312	3252	file.exe	RegAsm.exe

Suspicious use of WriteProcessMemory 15 IoCs

Processes:

file.exe

description	pid	process	target process
PID 3252 wrote to memory of 4776	3252	file.exe	RegAsm.exe
PID 3252 wrote to memory of 4776	3252	file.exe	RegAsm.exe
PID 3252 wrote to memory of 4776	3252	file.exe	RegAsm.exe
PID 3252 wrote to memory of 3500	3252	file.exe	RegAsm.exe
PID 3252 wrote to memory of 3500	3252	file.exe	RegAsm.exe
PID 3252 wrote to memory of 3500	3252	file.exe	RegAsm.exe
PID 3252 wrote to memory of 2312	3252	file.exe	RegAsm.exe
PID 3252 wrote to memory of 2312	3252	file.exe	RegAsm.exe
PID 3252 wrote to memory of 2312	3252	file.exe	RegAsm.exe
PID 3252 wrote to memory of 2312	3252	file.exe	RegAsm.exe
PID 3252 wrote to memory of 2312	3252	file.exe	RegAsm.exe
PID 3252 wrote to memory of 2312	3252	file.exe	RegAsm.exe
PID 3252 wrote to memory of 2312	3252	file.exe	RegAsm.exe
PID 3252 wrote to memory of 2312	3252	file.exe	RegAsm.exe
PID 3252 wrote to memory of 2312	3252	file.exe	RegAsm.exe

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3252
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:4776
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:3500
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:2312

memory/2312-1-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2312-4-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2312-5-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2312-6-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/3252-0-0x0000000000950000-0x00000000009BB000-memory.dmp

Filesize
428KB

Download
memory/3252-2-0x0000000000950000-0x00000000009BB000-memory.dmp

Filesize
428KB

Download