Analysis
- max time kernel: 148s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 19-05-2024 20:43
Static task: static1
Behavioral task: behavioral1
- Sample: 4e5420bc6af046308d49c4aa92e8670fcd664e55f800afc6354cf3b1c4da04c3.exe
- Resource: win10v2004-20240426-en
Behavioral task: behavioral2
- Sample: 4e5420bc6af046308d49c4aa92e8670fcd664e55f800afc6354cf3b1c4da04c3.exe
- Resource: win11-20240419-en
General
- Target: 4e5420bc6af046308d49c4aa92e8670fcd664e55f800afc6354cf3b1c4da04c3.exe
- Size: 296KB
- MD5: cd340a33b8c63ac410dd9d25f1e2e499
- SHA1: 188f2e26d9b96c7ca59326960c4dbf55eae9cd14
- SHA256: 4e5420bc6af046308d49c4aa92e8670fcd664e55f800afc6354cf3b1c4da04c3
- SHA512: bc338a8a54d2776e36ad037d012a3c751f0ea783c0fe51cdf9e1607311c45d8df3a4010baed15d5b0836e9c4158e06c462d87fc6d5cd7de9e171b15d7dc38060
- SSDEEP: 6144:NoTAv61y6b3pR8cDr8Yn3SyOsEnySpOAmOUoHO:161n3nCDnhoau
Malware Config
Extracted
lumma
Signatures
Processes
- C:\Users\Admin\AppData\Local\Temp\4e5420bc6af046308d49c4aa92e8670fcd664e55f800afc6354cf3b1c4da04c3.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\4e5420bc6af046308d49c4aa92e8670fcd664e55f800afc6354cf3b1c4da04c3.exe"
  PID: 1996
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 1136
    Program crash
    PID: 1820
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1996 -ip 1996
  PID: 2420