lumma | 9805f81a13aaa68a2026a38b70b1fdd1d76fee0ff63916c669d728c6e4dc3b7e

Analysis

max time kernel
142s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2024 17:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

566c1670c8a5f43ec35b831518b15cf388fbddff2c3ba3ffc8167ac1bf0a1fb3.exe
Size

492KB
MD5

c40f810518e4290ab7fc1e07e5c83ff9
SHA1

9f8bc2e44eb00b71047c04864e007225eb9779c9
SHA256

566c1670c8a5f43ec35b831518b15cf388fbddff2c3ba3ffc8167ac1bf0a1fb3
SHA512

044be66f51e52b07e77105dcf1ab2b1c099636eaa557124e5e442b6c6383564d578c21f1a6a0a0a0caecb433a16a3f552b27aa5e714cccaf9bc01f2b741335fd
SSDEEP

12288:d4w4rJNNGCt//w5qVN2iu79mnxhyC4GNq/SBoCe:/4rfN5Xw5qVN2H79mrymyR

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

https://productivelookewr.shop/api

https://tolerateilusidjukl.shop/api

https://shatterbreathepsw.shop/api

https://shortsvelventysjo.shop/api

https://incredibleextedwj.shop/api

https://alcojoldwograpciw.shop/api

https://liabilitynighstjsko.shop/api

https://demonstationfukewko.shop/api

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2240 set thread context of 3668	2240	566c1670c8a5f43ec35b831518b15cf388fbddff2c3ba3ffc8167ac1bf0a1fb3.exe	91

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 3668	2240	566c1670c8a5f43ec35b831518b15cf388fbddff2c3ba3ffc8167ac1bf0a1fb3.exe	91
PID 2240 wrote to memory of 3668	2240	566c1670c8a5f43ec35b831518b15cf388fbddff2c3ba3ffc8167ac1bf0a1fb3.exe	91
PID 2240 wrote to memory of 3668	2240	566c1670c8a5f43ec35b831518b15cf388fbddff2c3ba3ffc8167ac1bf0a1fb3.exe	91
PID 2240 wrote to memory of 3668	2240	566c1670c8a5f43ec35b831518b15cf388fbddff2c3ba3ffc8167ac1bf0a1fb3.exe	91
PID 2240 wrote to memory of 3668	2240	566c1670c8a5f43ec35b831518b15cf388fbddff2c3ba3ffc8167ac1bf0a1fb3.exe	91
PID 2240 wrote to memory of 3668	2240	566c1670c8a5f43ec35b831518b15cf388fbddff2c3ba3ffc8167ac1bf0a1fb3.exe	91
PID 2240 wrote to memory of 3668	2240	566c1670c8a5f43ec35b831518b15cf388fbddff2c3ba3ffc8167ac1bf0a1fb3.exe	91
PID 2240 wrote to memory of 3668	2240	566c1670c8a5f43ec35b831518b15cf388fbddff2c3ba3ffc8167ac1bf0a1fb3.exe	91
PID 2240 wrote to memory of 3668	2240	566c1670c8a5f43ec35b831518b15cf388fbddff2c3ba3ffc8167ac1bf0a1fb3.exe	91

C:\Users\Admin\AppData\Local\Temp\566c1670c8a5f43ec35b831518b15cf388fbddff2c3ba3ffc8167ac1bf0a1fb3.exe
"C:\Users\Admin\AppData\Local\Temp\566c1670c8a5f43ec35b831518b15cf388fbddff2c3ba3ffc8167ac1bf0a1fb3.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:3668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4076 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
1⤵
PID:1924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2240-0-0x0000000000ACA000-0x0000000000ACC000-memory.dmp

Filesize
8KB

Download
memory/3668-1-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/3668-3-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/3668-4-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/3668-5-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download