Analysis Overview
SHA256
d7809d4936e59199744d7e0384807963821745e3de18eaec4715887a1687b9c5
Threat Level: Known bad
The file d7809d4936e59199744d7e0384807963821745e3de18eaec4715887a1687b9c5 was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Unsigned PE
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-05-21 08:21
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-21 08:21
Reported
2024-05-21 08:24
Platform
win7-20240221-en
Max time kernel
117s
Max time network
119s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\d7809d4936e59199744d7e0384807963821745e3de18eaec4715887a1687b9c5.exe
"C:\Users\Admin\AppData\Local\Temp\d7809d4936e59199744d7e0384807963821745e3de18eaec4715887a1687b9c5.exe"
Network
Files
memory/2188-2-0x00000000003E0000-0x00000000003EA000-memory.dmp
memory/2188-1-0x00000000003E0000-0x00000000003EA000-memory.dmp
memory/2188-5-0x00000000006C0000-0x00000000006C4000-memory.dmp
memory/2188-3-0x00000000003F0000-0x00000000003F7000-memory.dmp
memory/2188-7-0x00000000006D0000-0x00000000006E9000-memory.dmp
memory/2188-0-0x0000000000400000-0x00000000006B8000-memory.dmp
memory/2188-14-0x00000000003F3000-0x00000000003F7000-memory.dmp
memory/2188-16-0x00000000006D0000-0x00000000006E9000-memory.dmp
memory/2188-15-0x00000000006C0000-0x00000000006C4000-memory.dmp
memory/2188-13-0x00000000003F0000-0x00000000003F7000-memory.dmp
memory/2188-12-0x00000000003E3000-0x00000000003EA000-memory.dmp
memory/2188-11-0x0000000002380000-0x00000000023D5000-memory.dmp
memory/2188-10-0x00000000006D3000-0x00000000006E9000-memory.dmp
memory/2188-9-0x0000000000407000-0x0000000000421000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-21 08:21
Reported
2024-05-21 08:24
Platform
win10v2004-20240426-en
Max time kernel
143s
Max time network
130s
Command Line
Signatures
Lumma Stealer
Processes
C:\Users\Admin\AppData\Local\Temp\d7809d4936e59199744d7e0384807963821745e3de18eaec4715887a1687b9c5.exe
"C:\Users\Admin\AppData\Local\Temp\d7809d4936e59199744d7e0384807963821745e3de18eaec4715887a1687b9c5.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| NL | 23.62.61.170:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | negotitatiojdsuktoos.shop | udp |
| US | 8.8.8.8:53 | 170.61.62.23.in-addr.arpa | udp |
| US | 172.67.202.217:443 | negotitatiojdsuktoos.shop | tcp |
| US | 8.8.8.8:53 | 217.202.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | museumtespaceorsp.shop | udp |
| US | 172.67.184.107:443 | museumtespaceorsp.shop | tcp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | buttockdecarderwiso.shop | udp |
| US | 8.8.8.8:53 | 107.184.67.172.in-addr.arpa | udp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 8.8.8.8:53 | averageaattractiionsl.shop | udp |
| US | 172.67.220.163:443 | averageaattractiionsl.shop | tcp |
| US | 8.8.8.8:53 | 202.45.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | femininiespywageg.shop | udp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 8.8.8.8:53 | 163.220.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | employhabragaomlsp.shop | udp |
| US | 172.67.203.218:443 | employhabragaomlsp.shop | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.71.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | stalfbaclcalorieeis.shop | udp |
| US | 172.67.131.36:443 | stalfbaclcalorieeis.shop | tcp |
| NL | 23.62.61.170:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | civilianurinedtsraov.shop | udp |
| US | 104.21.49.245:443 | civilianurinedtsraov.shop | tcp |
| US | 8.8.8.8:53 | 218.203.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roomabolishsnifftwk.shop | udp |
| US | 172.67.146.92:443 | roomabolishsnifftwk.shop | tcp |
| US | 8.8.8.8:53 | 36.131.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.49.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.146.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
memory/2896-2-0x0000000000860000-0x000000000086A000-memory.dmp
memory/2896-1-0x0000000000860000-0x000000000086A000-memory.dmp
memory/2896-9-0x0000000002320000-0x0000000002339000-memory.dmp
memory/2896-8-0x0000000002320000-0x0000000002339000-memory.dmp
memory/2896-7-0x0000000002310000-0x0000000002314000-memory.dmp
memory/2896-6-0x0000000002310000-0x0000000002314000-memory.dmp
memory/2896-5-0x0000000000880000-0x0000000000887000-memory.dmp
memory/2896-4-0x0000000000880000-0x0000000000887000-memory.dmp
memory/2896-3-0x0000000000407000-0x0000000000421000-memory.dmp
memory/2896-0-0x0000000000400000-0x00000000006B8000-memory.dmp