Overview

overview

10

Static

static

3

05a9a79162...de.exe

windows7-x64

1

05a9a79162...de.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    136s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-05-2024 02:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    05a9a79162cd5a6d6190ccb610eaaaa18367138afe3c98b07c9730f98871eede.exe

  • Size

    326KB

  • MD5

    46504a1da8d6edb794b0e07a9fe7762d

  • SHA1

    f1bf257603e67954802da234f22223efb2ff42e5

  • SHA256

    05a9a79162cd5a6d6190ccb610eaaaa18367138afe3c98b07c9730f98871eede

  • SHA512

    056cf3d968926d733c8075524749b61773002288c09e385ca48a602ea916a358e7d8f4b1b4806b1a8a2524475c105fb797d25f0112d6c4470ac0a44c704afb42

  • SSDEEP

    6144:sscvFONHWZOBrrrw0Rhxp0YYcN54JQm2hvHshIHTu:sscvAN20Bro0HVvr5hWw

Score
10/10
lummastealer

Malware Config

Extracted

Family

lumma

C2

https://whispedwoodmoodsksl.shop/api

https://acceptabledcooeprs.shop/api

https://obsceneclassyjuwks.shop/api

https://zippyfinickysofwps.shop/api

https://miniaturefinerninewjs.shop/api

https://plaintediousidowsko.shop/api

https://sweetsquarediaslw.shop/api

https://holicisticscrarws.shop/api

https://boredimperissvieos.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\05a9a79162cd5a6d6190ccb610eaaaa18367138afe3c98b07c9730f98871eede.exe
    "C:\Users\Admin\AppData\Local\Temp\05a9a79162cd5a6d6190ccb610eaaaa18367138afe3c98b07c9730f98871eede.exe"
    1⤵
      PID:1908
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 388
        2⤵
        • Program crash
        PID:1080
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 1908 -ip 1908
      1⤵
        PID:404

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1908-2-0x00000000041B0000-0x00000000041FD000-memory.dmp

        Filesize

        308KB

        Download

      • memory/1908-1-0x0000000002910000-0x0000000002A10000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1908-3-0x0000000000400000-0x0000000000458000-memory.dmp

        Filesize

        352KB

        Download

      • memory/1908-4-0x0000000000400000-0x000000000258D000-memory.dmp

        Filesize

        33.6MB

        Download

      • memory/1908-6-0x00000000041B0000-0x00000000041FD000-memory.dmp

        Filesize

        308KB

        Download