Overview

overview

10

Static

static

3

LauncherMo...12.exe

windows10-2004-x64

10

LauncherMo...12.exe

windows7-x64

3

LauncherMo...12.exe

windows10-1703-x64

10

LauncherMo...12.exe

windows10-2004-x64

10

LauncherMo...12.exe

windows11-21h2-x64

5

Analysis

  • max time kernel
    23s
  • max time network
    33s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-04-2024 19:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LauncherModMenu v1.12.exe

  • Size

    489KB

  • MD5

    f42bf6d96690525c1736bb2d82e239ce

  • SHA1

    ef66dcc2595d03b717fd664d8dda8a8352142fca

  • SHA256

    b4fba8a4ffa218678ca7cf1f75af4bcb2b6d2ee1880bd9a03e4c51c9030f2e49

  • SHA512

    146961a4d0e319a7606c121fc208722cd9f532b6db9a54443ecb65f46d7c42430f628450d6a0c3b2510308c9b0c8e9d7ed430b0d36a7fe5be24a8690b2b768e7

  • SSDEEP

    12288:SU/qlWEJNgZ3Kcj0PP8oQkbdGy17kDGixc6hsWF76kpjoCe:nqlXJNYacgn/lbdGy0DuqYecR

Score
10/10
lummastealer

Malware Config

Extracted

Family

lumma

C2

https://productivelookewr.shop/api

https://tolerateilusidjukl.shop/api

https://shatterbreathepsw.shop/api

https://shortsvelventysjo.shop/api

https://incredibleextedwj.shop/api

https://alcojoldwograpciw.shop/api

https://liabilitynighstjsko.shop/api

https://demonstationfukewko.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\LauncherModMenu v1.12.exe
    "C:\Users\Admin\AppData\Local\Temp\LauncherModMenu v1.12.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:5092
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      2⤵
        PID:4624
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe"
      1⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4316
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffecc0cab58,0x7ffecc0cab68,0x7ffecc0cab78
        2⤵
          PID:4644
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1888 --field-trial-handle=2016,i,14179174156218457949,3731596076598073376,131072 /prefetch:2
          2⤵
            PID:1032
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=2016,i,14179174156218457949,3731596076598073376,131072 /prefetch:8
            2⤵
              PID:4044
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2276 --field-trial-handle=2016,i,14179174156218457949,3731596076598073376,131072 /prefetch:8
              2⤵
                PID:3224
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=2016,i,14179174156218457949,3731596076598073376,131072 /prefetch:1
                2⤵
                  PID:1600
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=2016,i,14179174156218457949,3731596076598073376,131072 /prefetch:1
                  2⤵
                    PID:3456
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3624 --field-trial-handle=2016,i,14179174156218457949,3731596076598073376,131072 /prefetch:1
                    2⤵
                      PID:868
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4488 --field-trial-handle=2016,i,14179174156218457949,3731596076598073376,131072 /prefetch:8
                      2⤵
                        PID:4368
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4428 --field-trial-handle=2016,i,14179174156218457949,3731596076598073376,131072 /prefetch:8
                        2⤵
                          PID:2384
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4612 --field-trial-handle=2016,i,14179174156218457949,3731596076598073376,131072 /prefetch:8
                          2⤵
                            PID:2244
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4760 --field-trial-handle=2016,i,14179174156218457949,3731596076598073376,131072 /prefetch:8
                            2⤵
                              PID:3928
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 --field-trial-handle=2016,i,14179174156218457949,3731596076598073376,131072 /prefetch:8
                              2⤵
                                PID:380
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4552 --field-trial-handle=2016,i,14179174156218457949,3731596076598073376,131072 /prefetch:8
                                2⤵
                                  PID:4080
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4736 --field-trial-handle=2016,i,14179174156218457949,3731596076598073376,131072 /prefetch:8
                                  2⤵
                                    PID:968
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4640 --field-trial-handle=2016,i,14179174156218457949,3731596076598073376,131072 /prefetch:1
                                    2⤵
                                      PID:2032
                                  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                                    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                                    1⤵
                                      PID:3960

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                      Filesize

                                      2B

                                      MD5

                                      d751713988987e9331980363e24189ce

                                      SHA1

                                      97d170e1550eee4afc0af065b78cda302a97674c

                                      SHA256

                                      4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                      SHA512

                                      b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                      Filesize

                                      128KB

                                      MD5

                                      f2fe65e0b7867db4881529ed2ca64430

                                      SHA1

                                      ca3c717aeeea78fcd70c60cfa9d4eae7febedcd4

                                      SHA256

                                      73167f19be8ae3c895e21e851101e3c816f61a4ef7c5dc6f576f263658078f6f

                                      SHA512

                                      6fcabbbf9c3d35070e81154a58e4213d931abacb7f94fbba9987add567cce3f96608c2864b1b8e98b529d8c4da42a157a164d66592c6b34f47864b7056c0f687

                                      Download Submit

                                    • \??\pipe\crashpad_4316_TLDWPHUHCVBRSDCB
                                      MD5

                                      d41d8cd98f00b204e9800998ecf8427e

                                      SHA1

                                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                                      SHA256

                                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                      SHA512

                                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                      Download Submit

                                    • memory/4624-0-0x0000000000400000-0x000000000044F000-memory.dmp

                                      Filesize

                                      316KB

                                      Download

                                    • memory/4624-4-0x0000000000400000-0x000000000044F000-memory.dmp

                                      Filesize

                                      316KB

                                      Download

                                    • memory/4624-5-0x0000000000400000-0x000000000044F000-memory.dmp

                                      Filesize

                                      316KB

                                      Download

                                    • memory/4624-6-0x0000000000400000-0x000000000044F000-memory.dmp

                                      Filesize

                                      316KB

                                      Download

                                    • memory/5092-1-0x00000000002A0000-0x000000000031E000-memory.dmp

                                      Filesize

                                      504KB

                                      Download

                                    • memory/5092-3-0x00000000002A0000-0x000000000031E000-memory.dmp

                                      Filesize

                                      504KB

                                      Download