lumma | 2d27d929651f167d690fa610fa8fbcfb33d0d30ebc158ef50a8bc62000270ca7

Analysis

max time kernel
140s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
23-04-2024 18:46

Target

Executor/Injector.exe
Size

1.2MB
MD5

9d6470e951494e2195189b03bf47c9c2
SHA1

f99012e40e258b79f7b97b9efe91e7f01d93d5be
SHA256

2c9f5f678d8c8448cab83d4a855100b347ce50ac7d495a156b72edf81389cc9a
SHA512

fbe68915cd1445050a5e2450455425f66ad7cc1622eeb38a0a77f964af8c2c1008746dc12cc13b0339ec6a301a59f8edc6465c030f6b3eead2c038cbf1ed725d
SSDEEP

24576:isMl5IXhqt4J3jo09c2ga8eFUJspf8fVuYX560FCX:ifTt4J3jo0M1sd8fRJVY

Score

10^/10

lumma stealer

Family

lumma

https://productivelookewr.shop/api

https://tolerateilusidjukl.shop/api

https://shatterbreathepsw.shop/api

https://shortsvelventysjo.shop/api

https://incredibleextedwj.shop/api

https://alcojoldwograpciw.shop/api

https://liabilitynighstjsko.shop/api

https://demonstationfukewko.shop/api

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Suspicious use of SetThreadContext 1 IoCs

Processes:

Injector.exe

description pid process target process

PID 2748 set thread context of 3556 2748 Injector.exe RegAsm.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4604 2748 WerFault.exe Injector.exe

description	pid	process	target process
PID 2748 set thread context of 3556	2748	Injector.exe	RegAsm.exe

pid	pid_target	process	target process
4604	2748	WerFault.exe	Injector.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

Injector.exe

description	pid	process	target process
PID 2748 wrote to memory of 5024	2748	Injector.exe	RegAsm.exe
PID 2748 wrote to memory of 5024	2748	Injector.exe	RegAsm.exe
PID 2748 wrote to memory of 5024	2748	Injector.exe	RegAsm.exe
PID 2748 wrote to memory of 3556	2748	Injector.exe	RegAsm.exe
PID 2748 wrote to memory of 3556	2748	Injector.exe	RegAsm.exe
PID 2748 wrote to memory of 3556	2748	Injector.exe	RegAsm.exe
PID 2748 wrote to memory of 3556	2748	Injector.exe	RegAsm.exe
PID 2748 wrote to memory of 3556	2748	Injector.exe	RegAsm.exe
PID 2748 wrote to memory of 3556	2748	Injector.exe	RegAsm.exe
PID 2748 wrote to memory of 3556	2748	Injector.exe	RegAsm.exe
PID 2748 wrote to memory of 3556	2748	Injector.exe	RegAsm.exe
PID 2748 wrote to memory of 3556	2748	Injector.exe	RegAsm.exe

C:\Users\Admin\AppData\Local\Temp\Executor\Injector.exe
"C:\Users\Admin\AppData\Local\Temp\Executor\Injector.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:5024
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:3556
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 364
  2⤵
  - Program crash
  PID:4604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2748 -ip 2748
1⤵
PID:3384

memory/2748-1-0x0000000000660000-0x0000000000799000-memory.dmp

Filesize
1.2MB

Download
memory/2748-5-0x0000000000660000-0x0000000000799000-memory.dmp

Filesize
1.2MB

Download
memory/3556-0-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download
memory/3556-3-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download
memory/3556-4-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download
memory/3556-6-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download