Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
26-04-2024 08:51
General
-
Target
f2c702e8c3426b2f761bf7179672bd14d3e145100549341293ae099397df3110.exe
-
Size
388KB
-
MD5
45b6852a201739a401563fef37337da5
-
SHA1
007725010dce12d6a053723590086371750d6fdf
-
SHA256
f2c702e8c3426b2f761bf7179672bd14d3e145100549341293ae099397df3110
-
SHA512
a40723d73266822fad15d4739d0c29ff57b739b5ac9bf6d64c6310955ba3bf186947da78038359da4bc1e1147a1f196e18b50be29642ca8c5538ab8330ceede5
-
SSDEEP
6144:3yyfOHTXz2PEMbUj5FUGleFPw8/jyFBMiRh8nPr:3yyfOHTD2PjbUjTeNbuF7Rh8nPr
Malware Config
Extracted
lumma
https://strollheavengwu.shop/api
https://productivelookewr.shop/api
https://tolerateilusidjukl.shop/api
https://shatterbreathepsw.shop/api
https://shortsvelventysjo.shop/api
https://incredibleextedwj.shop/api
https://alcojoldwograpciw.shop/api
https://liabilitynighstjsko.shop/api
https://demonstationfukewko.shop/api
Signatures
-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Program crash 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f2c702e8c3426b2f761bf7179672bd14d3e145100549341293ae099397df3110.exe"C:\Users\Admin\AppData\Local\Temp\f2c702e8c3426b2f761bf7179672bd14d3e145100549341293ae099397df3110.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 3882⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 1272 -ip 12721⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1272-1-0x0000000004060000-0x0000000004160000-memory.dmpFilesize
1024KB
-
memory/1272-2-0x0000000005C70000-0x0000000005CBB000-memory.dmpFilesize
300KB
-
memory/1272-3-0x0000000000400000-0x0000000004052000-memory.dmpFilesize
60.3MB
-
memory/1272-4-0x0000000005C70000-0x0000000005CBB000-memory.dmpFilesize
300KB