Overview

overview

10

Static

static

3

Setup.exe

windows7-x64

1

Setup.exe

windows10-2004-x64

10

python310.dll

windows7-x64

1

python310.dll

windows10-2004-x64

1

vcruntime140.dll

windows7-x64

1

vcruntime140.dll

windows10-2004-x64

1

x64/AzureK...ib.dll

windows7-x64

1

x64/AzureK...ib.dll

windows10-2004-x64

1

x64/BugReporter.exe

windows7-x64

1

x64/BugReporter.exe

windows10-2004-x64

1

x64/ComExtractor.exe

windows7-x64

1

x64/ComExtractor.exe

windows10-2004-x64

1

x64/HDHelp...1].exe

windows7-x64

1

x64/HDHelp...1].exe

windows10-2004-x64

1

x64/Micros...st.dll

windows7-x64

1

x64/Micros...st.dll

windows10-2004-x64

1

x64/Micros...ml.dll

windows7-x64

1

x64/Micros...ml.dll

windows10-2004-x64

1

x64/NvSter...1].exe

windows7-x64

1

x64/NvSter...1].exe

windows10-2004-x64

3

x64/VSLaun...1].exe

windows7-x64

1

x64/VSLaun...1].exe

windows10-2004-x64

1

x64/WinUiB...er.dll

windows7-x64

1

x64/WinUiB...er.dll

windows10-2004-x64

1

x64/api-ms...-0.dll

windows10-2004-x64

1

x64/api-ms...-0.dll

windows10-2004-x64

1

x64/api-ms...-0.dll

windows10-2004-x64

1

x64/api-ms...-0.dll

windows10-2004-x64

1

x64/api-ms...-0.dll

windows10-2004-x64

1

x64/api-ms...-0.dll

windows10-2004-x64

1

x64/api-ms...-0.dll

windows10-2004-x64

1

x64/api-ms...-0.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    147s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-05-2024 16:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup.exe

  • Size

    94KB

  • MD5

    9a4cc0d8e7007f7ef20ca585324e0739

  • SHA1

    f3e5a2e477cac4bab85940a2158eed78f2d74441

  • SHA256

    040d121a3179f49cd3f33f4bc998bc8f78b7f560bfd93f279224d69e76a06e92

  • SHA512

    54636a48141804112f5b4f2fc70cb7c959a041e5743aeedb5184091b51daa1d1a03f0016e8299c0d56d924c6c8ae585e4fc864021081ffdf1e6f3eab11dd43b3

  • SSDEEP

    1536:9M/AhIxHHWMpdPa5wiE21M8kJIGFvb1Cwn/ZDs5yf:9M4SwMpdCq/IM8uIGfV/ZDso

Score
10/10
lummastealer

Malware Config

Extracted

Family

lumma

C2

https://evokeoutlooklits.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Suspicious use of SetThreadContext 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:1096
    • C:\Windows\SysWOW64\comp.exe
      C:\Windows\SysWOW64\comp.exe
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:748
      • C:\Users\Admin\AppData\Local\Temp\Autha.au3
        C:\Users\Admin\AppData\Local\Temp\Autha.au3
        3⤵
        • Loads dropped DLL
        PID:3848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Autha.au3
    Filesize

    872KB

    MD5

    c56b5f0201a3b3de53e561fe76912bfd

    SHA1

    2a4062e10a5de813f5688221dbeb3f3ff33eb417

    SHA256

    237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d

    SHA512

    195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\b0f17e5e
    Filesize

    1.8MB

    MD5

    da5cf14c4c31c3958d9ecf3851c69c3c

    SHA1

    fb2e98085c03c38883bc10f4f07b2716fd3dc656

    SHA256

    ce68edb0f0a181015c2a0072db218c9dbf875717a5330a1e518dd003335103af

    SHA512

    5ff6294a1b602408c8e76d6974ae1870de57d43d477d3f284f9e2d3c309c4f58e3e0969f0d882640a8c13fa393058b6bfd8f5aa5c2173b602c43e24cbb031fe5

    Download Submit
  • memory/748-19-0x0000000075AD0000-0x0000000075C4B000-memory.dmp
    Filesize

    1.5MB

    Download
  • memory/748-10-0x00007FFB99AB0000-0x00007FFB99CA5000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/748-12-0x0000000075AD0000-0x0000000075C4B000-memory.dmp
    Filesize

    1.5MB

    Download
  • memory/748-13-0x0000000075ADE000-0x0000000075AE0000-memory.dmp
    Filesize

    8KB

    Download
  • memory/748-14-0x0000000075AD0000-0x0000000075C4B000-memory.dmp
    Filesize

    1.5MB

    Download
  • memory/748-26-0x0000000075ADE000-0x0000000075AE0000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1096-7-0x00007FFB7BB60000-0x00007FFB7BCD2000-memory.dmp
    Filesize

    1.4MB

    Download
  • memory/1096-6-0x00007FFB7BB60000-0x00007FFB7BCD2000-memory.dmp
    Filesize

    1.4MB

    Download
  • memory/1096-0-0x00007FFB7BB60000-0x00007FFB7BCD2000-memory.dmp
    Filesize

    1.4MB

    Download
  • memory/1096-5-0x00007FFB7BB78000-0x00007FFB7BB79000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3848-21-0x0000000000D50000-0x0000000000DA5000-memory.dmp
    Filesize

    340KB

    Download
  • memory/3848-22-0x00007FFB99AB0000-0x00007FFB99CA5000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/3848-24-0x0000000000D50000-0x0000000000DA5000-memory.dmp
    Filesize

    340KB

    Download