lumma | b7ac4c2bf9e7750e0f37ce0a7601357719d44f526f5eb7c18c62b7e509b7bf27

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 20:09

Target

Setup.exe
Size

466KB
MD5

a45fcbd4b430c4fd4ee740f8822adbaa
SHA1

714deba8f75ce7ffa63d4d44ae0b836d41a53ffe
SHA256

b7ac4c2bf9e7750e0f37ce0a7601357719d44f526f5eb7c18c62b7e509b7bf27
SHA512

8d682225e25da1e93ad2afe6fb0d4f05774c986e6758b0f16c10910c5be623433748f22f7ef76cf450ed1d5668515aa0c347e0adc1401fe6e06ebdf0806cf0ec
SSDEEP

6144:Qdb/Q+n2NgF7CcdUbzMA+tV+J38qF+qw6nBMQyepZmEL2KaKQyabo2E1VnUZm+oc:Qd/Q+cQ2w+J3VFu6nBHye9VaMbtUhMM

Score

10^/10

lumma stealer

Family

lumma

https://museumtespaceorsp.shop/api

https://buttockdecarderwiso.shop/api

https://averageaattractiionsl.shop/api

https://femininiespywageg.shop/api

https://employhabragaomlsp.shop/api

https://stalfbaclcalorieeis.shop/api

https://civilianurinedtsraov.shop/api

https://roomabolishsnifftwk.shop/api

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Suspicious use of SetThreadContext 1 IoCs

Processes:

Setup.exe

description pid process target process

PID 3440 set thread context of 1940 3440 Setup.exe RegAsm.exe

description	pid	process	target process
PID 3440 set thread context of 1940	3440	Setup.exe	RegAsm.exe

Suspicious use of WriteProcessMemory 15 IoCs

Processes:

Setup.exe

description	pid	process	target process
PID 3440 wrote to memory of 1492	3440	Setup.exe	RegAsm.exe
PID 3440 wrote to memory of 1492	3440	Setup.exe	RegAsm.exe
PID 3440 wrote to memory of 1492	3440	Setup.exe	RegAsm.exe
PID 3440 wrote to memory of 5100	3440	Setup.exe	RegAsm.exe
PID 3440 wrote to memory of 5100	3440	Setup.exe	RegAsm.exe
PID 3440 wrote to memory of 5100	3440	Setup.exe	RegAsm.exe
PID 3440 wrote to memory of 1940	3440	Setup.exe	RegAsm.exe
PID 3440 wrote to memory of 1940	3440	Setup.exe	RegAsm.exe
PID 3440 wrote to memory of 1940	3440	Setup.exe	RegAsm.exe
PID 3440 wrote to memory of 1940	3440	Setup.exe	RegAsm.exe
PID 3440 wrote to memory of 1940	3440	Setup.exe	RegAsm.exe
PID 3440 wrote to memory of 1940	3440	Setup.exe	RegAsm.exe
PID 3440 wrote to memory of 1940	3440	Setup.exe	RegAsm.exe
PID 3440 wrote to memory of 1940	3440	Setup.exe	RegAsm.exe
PID 3440 wrote to memory of 1940	3440	Setup.exe	RegAsm.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3440
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:1492
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:5100
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:1940

memory/1940-2-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/1940-5-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/1940-6-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/1940-7-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3440-0-0x00000000004E0000-0x00000000004E1000-memory.dmp

Filesize
4KB

Download
memory/3440-1-0x00000000004E0000-0x00000000004E1000-memory.dmp

Filesize
4KB

Download
memory/3440-3-0x00000000004E0000-0x00000000004E1000-memory.dmp

Filesize
4KB

Download