Overview

overview

10

Static

static

1

Maple.exe

windows10-1703-x64

10

Maple.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    38s
  • max time network
    39s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    18-04-2024 14:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Maple.exe

  • Size

    323KB

  • MD5

    75daeb70b82abf4bed5cac5aa4925150

  • SHA1

    63b639652e6fcbcd10395f25b977595033eab380

  • SHA256

    e7b47829b5b18ffd0b5d4bdee8fafe110723005dd3d5535be770c7f96b2c6be4

  • SHA512

    02302f65eed7a1929db43611160c6a51ee6127fc77c981244d9652b5c1547c4b689006a6da114cb048215bdf7c5778cb644a8b4560028ddd8ef18218499c4ce6

  • SSDEEP

    6144:P7mGldfMgcjTU1H2l700AnfkxneaOHl16vX1lBq1XjmB6OscJt57b:Nbf4TUFio0GkxbOHzyZqxyyO7b

Score
10/10
lummastealer

Malware Config

Extracted

Family

lumma

C2

https://cleartotalfisherwo.shop/api

https://worryfillvolcawoi.shop/api

https://enthusiasimtitleow.shop/api

https://dismissalcylinderhostw.shop/api

https://affordcharmcropwo.shop/api

https://diskretainvigorousiw.shop/api

https://communicationgenerwo.shop/api

https://pillowbrocccolipe.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Maple.exe
    "C:\Users\Admin\AppData\Local\Temp\Maple.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:748
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      2⤵
        PID:1316
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 780
        2⤵
        • Program crash
        PID:4264

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/748-8-0x00000000029D0000-0x00000000049D0000-memory.dmp

      Filesize

      32.0MB

      Download

    • memory/748-1-0x00000000731D0000-0x00000000738BE000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/748-16-0x00000000029D0000-0x00000000049D0000-memory.dmp

      Filesize

      32.0MB

      Download

    • memory/748-15-0x00000000731D0000-0x00000000738BE000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/748-0-0x00000000005B0000-0x0000000000602000-memory.dmp

      Filesize

      328KB

      Download

    • memory/1316-10-0x0000000000C50000-0x0000000000C90000-memory.dmp

      Filesize

      256KB

      Download

    • memory/1316-9-0x0000000000C50000-0x0000000000C90000-memory.dmp

      Filesize

      256KB

      Download

    • memory/1316-13-0x0000000000C50000-0x0000000000C90000-memory.dmp

      Filesize

      256KB

      Download

    • memory/1316-12-0x0000000000C50000-0x0000000000C90000-memory.dmp

      Filesize

      256KB

      Download

    • memory/1316-11-0x0000000000C50000-0x0000000000C90000-memory.dmp

      Filesize

      256KB

      Download

    • memory/1316-14-0x0000000000400000-0x000000000044A000-memory.dmp

      Filesize

      296KB

      Download

    • memory/1316-7-0x0000000000400000-0x000000000044A000-memory.dmp

      Filesize

      296KB

      Download

    • memory/1316-4-0x0000000000400000-0x000000000044A000-memory.dmp

      Filesize

      296KB

      Download