Overview

overview

10

Static

static

1

Maple.exe

windows10-1703-x64

10

Maple.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    48s
  • max time network
    42s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-04-2024 14:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Maple.exe

  • Size

    323KB

  • MD5

    75daeb70b82abf4bed5cac5aa4925150

  • SHA1

    63b639652e6fcbcd10395f25b977595033eab380

  • SHA256

    e7b47829b5b18ffd0b5d4bdee8fafe110723005dd3d5535be770c7f96b2c6be4

  • SHA512

    02302f65eed7a1929db43611160c6a51ee6127fc77c981244d9652b5c1547c4b689006a6da114cb048215bdf7c5778cb644a8b4560028ddd8ef18218499c4ce6

  • SSDEEP

    6144:P7mGldfMgcjTU1H2l700AnfkxneaOHl16vX1lBq1XjmB6OscJt57b:Nbf4TUFio0GkxbOHzyZqxyyO7b

Score
10/10
lummastealer

Malware Config

Extracted

Family

lumma

C2

https://cleartotalfisherwo.shop/api

https://worryfillvolcawoi.shop/api

https://enthusiasimtitleow.shop/api

https://dismissalcylinderhostw.shop/api

https://affordcharmcropwo.shop/api

https://diskretainvigorousiw.shop/api

https://communicationgenerwo.shop/api

https://pillowbrocccolipe.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Maple.exe
    "C:\Users\Admin\AppData\Local\Temp\Maple.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3852
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      2⤵
        PID:1888
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 808
        2⤵
        • Program crash
        PID:400
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3852 -ip 3852
      1⤵
        PID:1388

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1888-4-0x0000000000400000-0x000000000044A000-memory.dmp

        Filesize

        296KB

        Download

      • memory/1888-7-0x0000000000400000-0x000000000044A000-memory.dmp

        Filesize

        296KB

        Download

      • memory/1888-9-0x00000000007D0000-0x00000000007D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1888-10-0x0000000000400000-0x000000000044A000-memory.dmp

        Filesize

        296KB

        Download

      • memory/3852-0-0x0000000074570000-0x0000000074D20000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/3852-1-0x00000000009D0000-0x0000000000A22000-memory.dmp

        Filesize

        328KB

        Download

      • memory/3852-8-0x0000000002E40000-0x0000000004E40000-memory.dmp

        Filesize

        32.0MB

        Download

      • memory/3852-11-0x0000000074570000-0x0000000074D20000-memory.dmp

        Filesize

        7.7MB

        Download