Analysis
- max time kernel: 9s
- max time network: 6s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 19-05-2024 18:58
General
- Target: Setup.exe
- Size: 484KB
- MD5: d79d86e21903feb6e6cdca75781fdf72
- SHA1: c51266a3f6098489764579c4a62b8509249f00e5
- SHA256: 752d6e53a9b54783a5a37b5a2c8bc10eeeaa7af734d3f562297d4431fb5921bf
- SHA512: 5db949be49d0991ebf362436d499b2d03c183b6fcfa6902fa2b3f50cc326b504f8da321d9cfab551d8406e30cd640dc410fd34adb5ac4bfbae65e20bfa78817c
- SSDEEP: 12288:Ody0t/5TvlH4nVnlb2AU8r8gGXFzfN28Ny:S/5jlQJ2AVog05j
Malware Config
Extracted
Family: lumma
C2
Signatures

Suspicious use of SetThreadContext (1 IoCs)
Processes: Setup.exe
description | pid | Process | procid_target
PID 4284 set thread context of 3604 | 4284 | Setup.exe | 88

Suspicious use of WriteProcessMemory (9 IoCs)
Processes: Setup.exe
description | pid | Process | procid_target
PID 4284 wrote to memory of 3604 | 4284 | Setup.exe | 88
PID 4284 wrote to memory of 3604 | 4284 | Setup.exe | 88
PID 4284 wrote to memory of 3604 | 4284 | Setup.exe | 88
PID 4284 wrote to memory of 3604 | 4284 | Setup.exe | 88
PID 4284 wrote to memory of 3604 | 4284 | Setup.exe | 88
PID 4284 wrote to memory of 3604 | 4284 | Setup.exe | 88
PID 4284 wrote to memory of 3604 | 4284 | Setup.exe | 88
PID 4284 wrote to memory of 3604 | 4284 | Setup.exe | 88
PID 4284 wrote to memory of 3604 | 4284 | Setup.exe | 88
Processes
- C:\Users\Admin\AppData\Local\Temp\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
  PID: 4284
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
    PID: 3604