Analysis
-
max time kernel
148s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
19/04/2024, 00:23
General
-
Target
CheatInjector ver. 2.34.exe
-
Size
33.1MB
-
MD5
ab973028da8df3f170f289ac9af647aa
-
SHA1
d528346e50287b193254f087f97cba08a84d5269
-
SHA256
1c750360e1bb43dd633e4c436840902391f089b1ae589e26f1226f42817d8729
-
SHA512
5d180a4c5774719c1cd42ad9a0491908e88954398cb3a2f1503e044f5c56221693eb4358acceb406f023062d87e2f19bf4a38d9dfe5473d466272a5b524a568a
-
SSDEEP
786432:60oGgfftXkmltvZt8tiJkuV/ITtaE4SBFwU:GSf
Malware Config
Extracted
lumma
https://peanuearthflaxes.shop/api
https://productivelookewr.shop/api
https://tolerateilusidjukl.shop/api
https://shatterbreathepsw.shop/api
https://shortsvelventysjo.shop/api
https://incredibleextedwj.shop/api
https://alcojoldwograpciw.shop/api
https://liabilitynighstjsko.shop/api
https://demonstationfukewko.shop/api
Signatures
-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Suspicious use of SetThreadContext 1 IoCs
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\CheatInjector ver. 2.34.exe"C:\Users\Admin\AppData\Local\Temp\CheatInjector ver. 2.34.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeC:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe2⤵
-
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /01⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.bing.com/search?q=oikpxu.exe oikpxu.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcc46e46f8,0x7ffcc46e4708,0x7ffcc46e47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,5614180079601814073,10266887739962534793,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,5614180079601814073,10266887739962534793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,5614180079601814073,10266887739962534793,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5614180079601814073,10266887739962534793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5614180079601814073,10266887739962534793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5614180079601814073,10266887739962534793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2192,5614180079601814073,10266887739962534793,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3444 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2192,5614180079601814073,10266887739962534793,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3560 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5614180079601814073,10266887739962534793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5614180079601814073,10266887739962534793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5614180079601814073,10266887739962534793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5614180079601814073,10266887739962534793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5614180079601814073,10266887739962534793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5614180079601814073,10266887739962534793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5614180079601814073,10266887739962534793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5614180079601814073,10266887739962534793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,5614180079601814073,10266887739962534793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,5614180079601814073,10266887739962534793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:82⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD570ae4bf8f75c69610c1d00131c1ec28c
SHA1eab92c184a3b655377f375b1b25ef85fb06c7130
SHA2569f46453862eb083e85697631455185c0ead19ec86c1ae3d15274c06c9a38731b
SHA51229299dbc0114f01525bff67ec421a28056905e8f5d21f00502554f446883b6086f8b9a2c27a591f364077da17c21438910b8dbf163a59f6f80272eb7d5f05c68
-
Filesize
152B
MD58b1931878d6b8b22142fd7fd614add5c
SHA10e20ec0bec5a9fe3b6666c3009626f0420415bc7
SHA256d78e49cf9c940d8a407fca2338e30b754e4579c64e88932c46c3871f62c15904
SHA5121e7a63ff7340719736560277601ff43f30937dbd4a1fbacbcb0d72fa708216692a4bb4ba658edf227b767975b430fc94e7c4f0b5dab29bef9483bfcfb38e1cf3
-
Filesize
2KB
MD55dbdd1c7ebc8afec91b86113cf824755
SHA1fb4bbafa060ccfba185a1c0f25e0453f3fec6f2a
SHA2565b549b60aa67be7e620255cb3f17a39c2c64048f55ff489bcb32c55bb7ac3932
SHA5128bd94d9520710794a51842ae287bb3311b12db7953940ec2aa7c01c5d974f9424935d6d0b9214a87e45b865310b1bd0daac4ee94685ecf84e672e094d6f3aa72
-
Filesize
4KB
MD5674c4acb08c0f013c962bb2d0ad5eb7e
SHA1b03d22225b63e0327c7fdc3cb6ee6a1a0cb6035e
SHA2562816089cb7b78a00d0d5464f7199e1a5ff41666605fc6b45db096e58f9b0c311
SHA51273f47b176f39ed982b92c661871a8e89bbf8d32b07bb90e8ac7fe5377c15c4b6227ca62dc5b9c3fd74d16113305cddaebf4ad52c7bf8d2e5edb02e399615ee78
-
Filesize
4KB
MD5e755dfa66ed8e164dfb882cf70e6ae1c
SHA14aac4500389d55eb42847e278d784cb53f05e9b1
SHA25640805cab2b687707b1387dcbca808a97584181121dfca5afad20ee3cd5fcfb7f
SHA512239306108690cb963f629ce7f5543c778273aced341c2e1483332fd1035457b9f78d7b6e8f1f10ae499cf041022802751175a103fcc43c8df36b129a4b10558f
-
Filesize
6KB
MD5fe749c65da4d3961a617a54450299de7
SHA19af8aea3e6ceba4ef9f3d385b07156949adff143
SHA25602cac89cb737765ab3858fe159c4fc15fbf28329ca989952f62173fc80da04a4
SHA51234f2ef87c8a5884c3e904e02eeb341f951e70a6248ec75fb574c80d39cea73bc57b67726dad2ea52f7e8c6734d60ffee6ad980d15b86fe365678e7786f9c8873
-
Filesize
6KB
MD5ecd6fe25f7aa45b8fffded52e44226cc
SHA1759cf2246b6af23d7c1d4109783c3bbc9fc3be85
SHA2562b0d3979f3bafa281a9812b2c21ca7e918072777b797781dd918f319b7357239
SHA512c4b7c949a6351e11986524e418567acb70af2f42df3a0cda4722ca3fd09bddd623c791f058385598a0875f66089b30e65807d3a95fb9f314d09a532486dc3c76
-
Filesize
7KB
MD51b7637f843e62cd14041d7e953d826c8
SHA16d8653041940daa7b16b8d7491814769d3a8bd67
SHA256dd7d25e3f3188b08f2e410626c92159c591f3842b798b7b99faf123e86a27e57
SHA512cf3f3de286762194d220431072a8f6799ec8940eaedcb25ad827548a2454a602f3ce6b5438edf88c6c194bb9beeb01239308910e8811b27be8bdd9840c2bcad1
-
Filesize
7KB
MD5e684c8b87f98dee85161c44c81a1411b
SHA1fb425bed003a9ff8123280e8b6feab5877d9c349
SHA25655456da4ae107c741b377e06cd3c531da519c660e704aca5d43c6c88a6080193
SHA51278b43cd40deae92d51e781be25451f6aa10425da641a343dad8b0e84db451db824742c2772c6137dcd4926b487d7a6c8c542f61cf7d3da86c2cbe50531b2ee3b
-
Filesize
8KB
MD5ee0c814aa3cf1e84f4591f2f549bf210
SHA1cdfb6c4375979183774a1447b943bf02220962fd
SHA256ac1a006521bc1d914f597bc57b20ca052c82e807e55c5861540fba6810c0f441
SHA512d70a9983d35f4bf9a8f778e2c1c458be18dd4f160271b1c69255f2b5db625a8cb9e993e4968a113c09c510da577d6fae9dbe43af4c8ec9509b52b20689d4a25c
-
Filesize
2KB
MD508888e8b3ec59e7e8ac557592503b4d6
SHA14519bfa8ce9360bd6862413b2fc1c784cc0ae0ea
SHA256d58ca0faf988a3e890c2e85268276fc2196be726ed17cb9e18e92c0e1d01e1f4
SHA512f7b3d32583f5c66b7da693fb45f405d058967ec1d0271d67ebe9eac216f99aa8da5cb47e9ef76f7f172398be62fa81565911f5ad993a6ff261fbd9a60897f05e
-
Filesize
2KB
MD5899f632bf44ea015998b3d157d7df122
SHA117e2e2c0813ac6a430af1edba351eaef6947f14d
SHA256f0d21bdd670e5889e47c1fb0a4002cc68c38e7a4bef4b2c827ab25db48c9ab39
SHA5127fe96ef22610f12fb70c951485b39c95ce38764470e8665852192da10734107b86065edd1b595a6a13ab682a252a6893bc1fbc38b78eedf2619c946ea23fca9d
-
Filesize
538B
MD515af1eb585209ea61dac94d3ac47df2b
SHA16881100507647dc5d0a30b47b1a1da3e847faebd
SHA2569156114cd32a05ba2e4022265c31816fac88b80e944f31cf825bbe00f7218126
SHA512b793fcc6dba4fc36dc9b1034b0976d1c0d93b943d5b523f8e7254458995ae05352e311343803bf0c0858bb95d12c326d2310d605e530145759e992fcc912b925
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
11KB
MD5883e410dbbde51db4e55ab881fe3b955
SHA1fc1831c44c1fe2c6ab3aa14515fbbbe080329e33
SHA256bed99a73bded968c877da1c05577c53a94f8ce9a2c8e4e8333c522ba24062443
SHA51266b7df34a19a47a44adf5edb6ee7d896a2766c9a7ddb3f9509541055d12738db3755fae009e9e91aea98d60f66ab8aa57a177724aea08a1cf4cd4142c55e9864
-
Filesize
11KB
MD5be63bcb09dd324e8363deac394a7d291
SHA1bcae7c543817afb971f2c7610222778c095161b5
SHA256bfb9652d8fdebdb03d96f6de1bd68f316ddfc8f3bda407aca2f7ff3bbba403f9
SHA5129b61c02d2f946ba552def22ed5fdb247b954a306373ac1420efbbd547f9983f308b8dadfb31be5782dc08d838a3930255608cc85de54c4dcb1e0707868d0f5ad
-
Filesize
12KB
MD5931943888a3cbffffc10001de5110ecc
SHA1b2cd6e274138a84311afad5232c8f5b387946150
SHA256d440b4f6757e8b1437c69eca711bed91dd4a702aa3e168df12b9350183bcc63e
SHA512c2a3752037c11564b4bd312670a3437b085b28711f2203d5b0febad8682aaf1765a68455accf7104143f361dbf25ce909a2db15323124d5d88bb838476639204
-
Filesize
312KB
-
Filesize
312KB
-
Filesize
312KB
-
Filesize
312KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
33.7MB
-
Filesize
33.7MB