lumma | 7d233935547785aa757807b0a483b8ac5fe9195297f0fc0f53d29931b9dbbfda

Analysis

max time kernel
94s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18-04-2024 14:18

Target

tmp.exe
Size

308KB
MD5

d05ddc72d9c4fae1ee83e9ac16275afc
SHA1

852e1078974794aeaa40a74201efce257987be2c
SHA256

7d233935547785aa757807b0a483b8ac5fe9195297f0fc0f53d29931b9dbbfda
SHA512

3b0f662f28fa449146159da4821e0f6004edb57506159f8ac2bedd8a45e771bcfcb696c2f6a59a1df0c80099bb83c6a7d11542280ff411bba2397799a943a587
SSDEEP

6144:j11lb/L51L7HCaspEUi48UgZUbTtg/N0inheNH1e8EtlcjItq0a0:x/X/f418UgZUG10iOVM0

Score

10^/10

lumma stealer

Family

lumma

https://pushjellysingeywus.shop/api

https://entitlementappwo.shop/api

https://economicscreateojsu.shop/api

https://absentconvicsjawun.shop/api

https://suitcaseacanehalk.shop/api

https://bordersoarmanusjuw.shop/api

https://mealplayerpreceodsju.shop/api

https://wifeplasterbakewis.shop/api

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Suspicious use of SetThreadContext 1 IoCs

Processes:

tmp.exe

description pid process target process

PID 2756 set thread context of 3108 2756 tmp.exe RegAsm.exe

description	pid	process	target process
PID 2756 set thread context of 3108	2756	tmp.exe	RegAsm.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

tmp.exe

description	pid	process	target process
PID 2756 wrote to memory of 3108	2756	tmp.exe	RegAsm.exe
PID 2756 wrote to memory of 3108	2756	tmp.exe	RegAsm.exe
PID 2756 wrote to memory of 3108	2756	tmp.exe	RegAsm.exe
PID 2756 wrote to memory of 3108	2756	tmp.exe	RegAsm.exe
PID 2756 wrote to memory of 3108	2756	tmp.exe	RegAsm.exe
PID 2756 wrote to memory of 3108	2756	tmp.exe	RegAsm.exe
PID 2756 wrote to memory of 3108	2756	tmp.exe	RegAsm.exe
PID 2756 wrote to memory of 3108	2756	tmp.exe	RegAsm.exe
PID 2756 wrote to memory of 3108	2756	tmp.exe	RegAsm.exe

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:3108

memory/2756-0-0x00000000006A0000-0x00000000006F4000-memory.dmp

Filesize
336KB

Download
memory/2756-1-0x0000000074450000-0x0000000074C00000-memory.dmp

Filesize
7.7MB

Download
memory/2756-9-0x0000000074450000-0x0000000074C00000-memory.dmp

Filesize
7.7MB

Download
memory/2756-10-0x0000000002B10000-0x0000000004B10000-memory.dmp

Filesize
32.0MB

Download
memory/2756-12-0x0000000002B10000-0x0000000004B10000-memory.dmp

Filesize
32.0MB

Download
memory/3108-4-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/3108-7-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/3108-11-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download