Overview

overview

10

Static

static

1

@#!Open_Ma...up.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-04-2024 21:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    @#!Open_MainFile_6788_Pa$ṣW0rD%$/Setup.exe

  • Size

    94KB

  • MD5

    9a4cc0d8e7007f7ef20ca585324e0739

  • SHA1

    f3e5a2e477cac4bab85940a2158eed78f2d74441

  • SHA256

    040d121a3179f49cd3f33f4bc998bc8f78b7f560bfd93f279224d69e76a06e92

  • SHA512

    54636a48141804112f5b4f2fc70cb7c959a041e5743aeedb5184091b51daa1d1a03f0016e8299c0d56d924c6c8ae585e4fc864021081ffdf1e6f3eab11dd43b3

  • SSDEEP

    1536:9M/AhIxHHWMpdPa5wiE21M8kJIGFvb1Cwn/ZDs5yf:9M4SwMpdCq/IM8uIGfV/ZDso

Score
10/10
lummastealer

Malware Config

Extracted

Family

lumma

C2

https://harassretunrstiwo.shop/api

https://productivelookewr.shop/api

https://tolerateilusidjukl.shop/api

https://shatterbreathepsw.shop/api

https://shortsvelventysjo.shop/api

https://incredibleextedwj.shop/api

https://alcojoldwograpciw.shop/api

https://liabilitynighstjsko.shop/api

https://demonstationfukewko.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Suspicious use of SetThreadContext 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\@#!Open_MainFile_6788_Pa$ṣW0rD%$\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\@#!Open_MainFile_6788_Pa$ṣW0rD%$\Setup.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:3660
    • C:\Windows\SysWOW64\netsh.exe
      C:\Windows\SysWOW64\netsh.exe
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:1388
      • C:\Users\Admin\AppData\Local\Temp\tracewpp.exe
        C:\Users\Admin\AppData\Local\Temp\tracewpp.exe
        3⤵
        • Loads dropped DLL
        PID:4380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7fd07d16
    Filesize

    1.2MB

    MD5

    8ac9a8008607db82a6eff5ce1ff2c05c

    SHA1

    dd12ca0b9a66728513c5e7d0f5737d2bc7a77d59

    SHA256

    c73f8b810204e242f961518b05cf71f5d958e699b26b03eca01c271a396e262d

    SHA512

    a79d06feeb358d7c4143219ac3bf682b618e59742eccc3c10a9a2771e414de006b9b7548367d2e5053cd5d6bc94069dc1f0f117a8a67904c7021c1a751cd4282

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\tracewpp.exe
    Filesize

    207KB

    MD5

    0930890f83efad2a3091d1e3f0b82707

    SHA1

    e0dcdefdde9dddd482e0b72504b35e96b795b27e

    SHA256

    e8be7f038dd98179a1a27d5b176d23a60ad44426442699a3b9b714f9778c5cf2

    SHA512

    608e2a169a9eb3c1b8e4459704e87123e5d04de57937175811a3f67559f0ead77b09e48562c1df732552a6aca7a8089528f43cda83bcdad1644a089b11a0e9f6

    Download Submit

  • memory/1388-13-0x0000000074250000-0x00000000743CB000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1388-9-0x00007FFB75AD0000-0x00007FFB75CC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1388-12-0x0000000074250000-0x00000000743CB000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1388-16-0x0000000074250000-0x00000000743CB000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3660-6-0x00007FFB57800000-0x00007FFB57972000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/3660-0-0x00007FFB57800000-0x00007FFB57972000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/3660-5-0x00007FFB57800000-0x00007FFB57972000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/4380-18-0x00007FFB75AD0000-0x00007FFB75CC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4380-19-0x00000000000D0000-0x0000000000120000-memory.dmp

    Filesize

    320KB

    Download

  • memory/4380-21-0x0000000000340000-0x00000000003C4000-memory.dmp

    Filesize

    528KB

    Download

  • memory/4380-22-0x00000000000D0000-0x0000000000120000-memory.dmp

    Filesize

    320KB

    Download