Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

3

Analysis

  • max time kernel
    138s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-04-2024 12:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    301edecf059689afbeb7d149f30a14d24b86eb34fcce77c61455a8bbd76a2421.exe

  • Size

    354KB

  • MD5

    608b0f78426265479c8e263b5d94ef79

  • SHA1

    8a1f468c72b524016ec5339662d6af6cd8fca8ff

  • SHA256

    301edecf059689afbeb7d149f30a14d24b86eb34fcce77c61455a8bbd76a2421

  • SHA512

    e400fd1d59fe48840f7d1577e5eab967995adbc7cbe8692b844487a33e6d15f4c4731b35c419cc5d1c00070b91ac53d5763d09ff08baa37b9505736fe1ecbd32

  • SSDEEP

    6144:iVHNH5LnXokheOATc2qKekV2C3lS1XSLr/UPB:iVtH5L4OAw2HekV11SlM+

Score
10/10
lummastealer

Malware Config

Extracted

Family

lumma

C2

https://strollheavengwu.shop/api

https://productivelookewr.shop/api

https://tolerateilusidjukl.shop/api

https://shatterbreathepsw.shop/api

https://shortsvelventysjo.shop/api

https://incredibleextedwj.shop/api

https://alcojoldwograpciw.shop/api

https://liabilitynighstjsko.shop/api

https://demonstationfukewko.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\301edecf059689afbeb7d149f30a14d24b86eb34fcce77c61455a8bbd76a2421.exe
    "C:\Users\Admin\AppData\Local\Temp\301edecf059689afbeb7d149f30a14d24b86eb34fcce77c61455a8bbd76a2421.exe"
    1⤵
      PID:4720
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 1084
        2⤵
        • Program crash
        PID:3756
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 4720 -ip 4720
      1⤵
        PID:1032

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4720-1-0x0000000004270000-0x0000000004370000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/4720-2-0x00000000045E0000-0x000000000462B000-memory.dmp

        Filesize

        300KB

        Download

      • memory/4720-3-0x0000000000400000-0x0000000004048000-memory.dmp

        Filesize

        60.3MB

        Download

      • memory/4720-4-0x00000000045E0000-0x000000000462B000-memory.dmp

        Filesize

        300KB

        Download