Overview

overview

10

Static

static

7

winprofile

windows7-x64

7

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    195s
  • max time network
    286s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    29-04-2024 04:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7812fd299ceae45beb91439f791a32626dfaed04f75a0c1a68e37c86b7c7bdae.exe

  • Size

    5.5MB

  • MD5

    e54a8705978717ebfdc017906a3c8396

  • SHA1

    c77055a955b210f5b7c64e0a54c876838a77a072

  • SHA256

    7812fd299ceae45beb91439f791a32626dfaed04f75a0c1a68e37c86b7c7bdae

  • SHA512

    580f7e24a3f15150e8763d3ea00f892516848217c520fc18993cb960e3f6380897263aa7496b7490f98990c7770637cc0e5250aff7b7bbc9100ed845a3e8958e

  • SSDEEP

    98304:ITD+zH0PAJ+UDJ9fKaxPIw6uM+aP3XTZIYplRPOPQGtNzGd:ITtMYaxOuMpP3X9IYp/OPQgO

Score
10/10
lummastealervmprotect

Malware Config

Extracted

Family

lumma

C2

https://appliedgrandyjuiw.shop/api

https://birdpenallitysydw.shop/api

https://cinemaclinicttanwk.shop/api

https://disagreemenywyws.shop/api

https://speedparticipatewo.shop/api

https://fixturewordbakewos.shop/api

https://colorprioritytubbew.shop/api

https://abuselinenaidwjuew.shop/api

https://methodgreenglassdatw.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • VMProtect packed file 4 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7812fd299ceae45beb91439f791a32626dfaed04f75a0c1a68e37c86b7c7bdae.exe
    "C:\Users\Admin\AppData\Local\Temp\7812fd299ceae45beb91439f791a32626dfaed04f75a0c1a68e37c86b7c7bdae.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2088-0-0x0000000000CD0000-0x0000000000CD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2088-1-0x0000000001210000-0x0000000001AFF000-memory.dmp

    Filesize

    8.9MB

    Download

  • memory/2088-3-0x0000000001210000-0x0000000001AFF000-memory.dmp

    Filesize

    8.9MB

    Download

  • memory/2088-4-0x0000000001210000-0x0000000001AFF000-memory.dmp

    Filesize

    8.9MB

    Download

  • memory/2088-5-0x0000000000CE0000-0x0000000000D20000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2088-9-0x0000000000CE0000-0x0000000000D20000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2088-10-0x0000000000CE0000-0x0000000000D20000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2088-8-0x0000000000CE0000-0x0000000000D20000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2088-7-0x0000000000CE0000-0x0000000000D20000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2088-6-0x0000000000CE0000-0x0000000000D20000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2088-11-0x0000000001210000-0x0000000001AFF000-memory.dmp

    Filesize

    8.9MB

    Download