Overview

overview

10

Static

static

10

gepcdS.exe

windows7-x64

10

gepcdS.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    6s
  • max time network
    12s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 22:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    gepcdS.exe

  • Size

    1.2MB

  • MD5

    84c630d15b217a4739ba250474f8adc2

  • SHA1

    7adb7fd3bff686a3b4a32e6492a785bb6a5114c2

  • SHA256

    8251cf1d380cc480f3ad8cae8b11307ea5264105856091d1588cd68abdd1d62a

  • SHA512

    996717af4a53e4e428d8b4c7105cbe0b33e93b5d86a4a4703ed88c48b298fad77edf66453cf11b27782086b285fd569345cda1651dc53aecaccd552a4edfed1a

  • SSDEEP

    24576:jkuThgREUU9cEieHXV7yN0buhgYsbOlN9U3jaPsM:jkudyEy0b2lNy3jKsM

Score
10/10
lummaevasionstealer

Malware Config

Signatures

  • Detect Lumma Stealer payload V4 1 IoCs
  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Looks for VMWare Tools registry key 2 TTPs 1 IoCs
    evasion
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\gepcdS.exe
    "C:\Users\Admin\AppData\Local\Temp\gepcdS.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Looks for VMWare Tools registry key
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    • Suspicious use of SetWindowsHookEx
    PID:2940

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2940-16-0x0000000001350000-0x0000000001481000-memory.dmp

    Filesize

    1.2MB

    Download