Overview

overview

10

Static

static

1

Places to visit.scr

windows7-x64

1

Places to visit.scr

windows10-2004-x64

10

Analysis

  • max time kernel
    130s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-04-2024 15:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Places to visit.scr

  • Size

    772.4MB

  • MD5

    b61ea25997f2f8721ac589703526dd6b

  • SHA1

    3bd31fe83ff4e4ad99395426654f80200b21e021

  • SHA256

    8d4ade5b2a0b9b026e58e9771ce41d77a82cebae4d493cf3170b14c45b236b69

  • SHA512

    450f26ec9fc2feb1854d5d00271eba0b128831cdd09c8a6675d248ea4ef2f6e0f7d1bd0f00a5ee3242577ac5d1ffc48175a9ca4ebdda021c7b91d4fb5d7dfa8a

  • SSDEEP

    6144:Xc2iyp+gYP1ueAFoTScAXstyrTKmBrHfqlyeBzbRNI07EoUOlc/:YyyP1jAF2SRcqumBrHfqvP5Eo3+

Score
10/10
lummastealer

Malware Config

Extracted

Family

lumma

C2

https://theatergenerationju.shop/api

https://entitlementappwo.shop/api

https://economicscreateojsu.shop/api

https://pushjellysingeywus.shop/api

https://absentconvicsjawun.shop/api

https://suitcaseacanehalk.shop/api

https://bordersoarmanusjuw.shop/api

https://mealplayerpreceodsju.shop/api

https://wifeplasterbakewis.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Places to visit.scr
    "C:\Users\Admin\AppData\Local\Temp\Places to visit.scr" /S
    1⤵
      PID:3596
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 1104
        2⤵
        • Program crash
        PID:1916
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3596 -ip 3596
      1⤵
        PID:2672

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3596-1-0x0000000003000000-0x0000000003100000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/3596-2-0x0000000004AA0000-0x0000000004AEC000-memory.dmp

        Filesize

        304KB

        Download

      • memory/3596-3-0x0000000000400000-0x0000000002D4B000-memory.dmp

        Filesize

        41.3MB

        Download

      • memory/3596-4-0x0000000000400000-0x0000000002D4B000-memory.dmp

        Filesize

        41.3MB

        Download