Analysis
max time kernel: 149s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15-05-2024 05:30
General
Target: 228c35043919b5a4d810fd11dbb1b9646333aa6e75788617e4cc4ac41ab07a1a.exe
Size: 1.2MB
MD5: 70c96bf7fd8b873fd3d55511a01b38fa
SHA1: 84fe856169f0018cada3ecc77b9afcbeef830459
SHA256: 228c35043919b5a4d810fd11dbb1b9646333aa6e75788617e4cc4ac41ab07a1a
SHA512: 0c8bdbd699dcfc757302cbec0cd7a0f1f97f1061eef1f6c4739b31625c335504c20c8d4b4095e02963c378a0bad10018264a35eceeb88553bc679676ef1e8fc5
SSDEEP: 24576:n2z0iTPmcOFrydXT0i9JYMsMy9XD6QmFQBLqs:n2AhFrydXT0EoHmWqs
Malware Config
Extracted
lumma
Signatures
Suspicious use of SetThreadContext (1 IoCs)
Processes:
description | pid | process | target process
PID 4020 set thread context of 1824 | 4020 | 228c35043919b5a4d810fd11dbb1b9646333aa6e75788617e4cc4ac41ab07a1a.exe | RegAsm.exe
Suspicious use of WriteProcessMemory (9 IoCs)
Processes (nine identical entries):
description | pid | process | target process
PID 4020 wrote to memory of 1824 | 4020 | 228c35043919b5a4d810fd11dbb1b9646333aa6e75788617e4cc4ac41ab07a1a.exe | RegAsm.exe
Processes
1. "C:\Users\Admin\AppData\Local\Temp\228c35043919b5a4d810fd11dbb1b9646333aa6e75788617e4cc4ac41ab07a1a.exe" (PID 4020)
   - Suspicious use of SetThreadContext
   - Suspicious use of WriteProcessMemory
   2. "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" (PID 1824)