lumma | b20d3b5caab986390a57d9b858c330d6fa12fa368809dfc94b90991735dc89d1

Analysis

max time kernel
141s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13-05-2024 10:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

99cc81196caa729f2e35b124dfb021fe9203a2023c94b1fb01a466af49ced615.exe
Size

527KB
MD5

f2ff32554f5ad69b9a760ebb447eee5e
SHA1

8e73076cab6776ced34defffbdcc98a4882a966f
SHA256

99cc81196caa729f2e35b124dfb021fe9203a2023c94b1fb01a466af49ced615
SHA512

c3e4fcbe3c44968e5dab8d3888defd321579282cac09d4782a283e138707bac8266019008cc17401a510c92203b29ebfdc6228737e4cdcfce5aea2783642e4a7
SSDEEP

12288:HZIeZiEvQJt6ygClo+PceAj4gVLxN8u/AwxcLtap90Xp:HZIgvQdUGS8u4gsapu

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

https://zippyfinickysofwps.shop/api

https://acceptabledcooeprs.shop/api

https://obsceneclassyjuwks.shop/api

https://miniaturefinerninewjs.shop/api

https://plaintediousidowsko.shop/api

https://sweetsquarediaslw.shop/api

https://holicisticscrarws.shop/api

https://boredimperissvieos.shop/api

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2960 set thread context of 4112	2960	99cc81196caa729f2e35b124dfb021fe9203a2023c94b1fb01a466af49ced615.exe	91

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2960 wrote to memory of 4112	2960	99cc81196caa729f2e35b124dfb021fe9203a2023c94b1fb01a466af49ced615.exe	91
PID 2960 wrote to memory of 4112	2960	99cc81196caa729f2e35b124dfb021fe9203a2023c94b1fb01a466af49ced615.exe	91
PID 2960 wrote to memory of 4112	2960	99cc81196caa729f2e35b124dfb021fe9203a2023c94b1fb01a466af49ced615.exe	91
PID 2960 wrote to memory of 4112	2960	99cc81196caa729f2e35b124dfb021fe9203a2023c94b1fb01a466af49ced615.exe	91
PID 2960 wrote to memory of 4112	2960	99cc81196caa729f2e35b124dfb021fe9203a2023c94b1fb01a466af49ced615.exe	91
PID 2960 wrote to memory of 4112	2960	99cc81196caa729f2e35b124dfb021fe9203a2023c94b1fb01a466af49ced615.exe	91
PID 2960 wrote to memory of 4112	2960	99cc81196caa729f2e35b124dfb021fe9203a2023c94b1fb01a466af49ced615.exe	91
PID 2960 wrote to memory of 4112	2960	99cc81196caa729f2e35b124dfb021fe9203a2023c94b1fb01a466af49ced615.exe	91
PID 2960 wrote to memory of 4112	2960	99cc81196caa729f2e35b124dfb021fe9203a2023c94b1fb01a466af49ced615.exe	91

C:\Users\Admin\AppData\Local\Temp\99cc81196caa729f2e35b124dfb021fe9203a2023c94b1fb01a466af49ced615.exe
"C:\Users\Admin\AppData\Local\Temp\99cc81196caa729f2e35b124dfb021fe9203a2023c94b1fb01a466af49ced615.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2960
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:4112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3816 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
1⤵
PID:4184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2960-0-0x0000000000D00000-0x0000000000D01000-memory.dmp

Filesize
4KB

Download
memory/2960-1-0x0000000000D00000-0x0000000000D01000-memory.dmp

Filesize
4KB

Download
memory/2960-3-0x0000000000D00000-0x0000000000D01000-memory.dmp

Filesize
4KB

Download
memory/4112-2-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/4112-5-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/4112-6-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/4112-7-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download