Analysis
-
max time kernel
149s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
24-05-2024 17:56
Static task
static1
Behavioral task
behavioral1
Sample
Insomnia.exe
Resource
win7-20240221-en
General
-
Target
Insomnia.exe
-
Size
533KB
-
MD5
03a847ab7c37c2afc5153913ff897be3
-
SHA1
e9a9b56bb97a039a6063c7b70d398bf2f0038072
-
SHA256
67fcab0ea895e69d884bf283088d75a4051062b3c5c028325042fe2d13af52d8
-
SHA512
ee7750ce6c2497eced516b094e61ff05497bbefb83efaa6fb172e9e02ccc475ad9fbf0f04009921b9e0db538d7a511c7884174955c207292aae0ccc72e8a8791
-
SSDEEP
12288:RxYEZoQZq11WygpAKRcT3hUVwabQIP+P0Xp:RxY0Zq1KRW3hUuan
Malware Config
Extracted
lumma
Signatures
-
Suspicious use of SetThreadContext 1 IoCs
Processes:
Insomnia.exe
description | pid | process | target process
PID 4420 set thread context of 2748 | 4420 | Insomnia.exe | RegAsm.exe
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes:
Insomnia.exe
description | pid | process | target process
PID 4420 wrote to memory of 2748 | 4420 | Insomnia.exe | RegAsm.exe (entry repeated 9 times)
Processes
-
C:\Users\Admin\AppData\Local\Temp\Insomnia.exe
"C:\Users\Admin\AppData\Local\Temp\Insomnia.exe"
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Downloads
-
memory/2748-2-0x0000000000400000-0x0000000000459000-memory.dmp
Filesize
356KB
-
memory/2748-5-0x0000000000400000-0x0000000000459000-memory.dmp
Filesize
356KB
-
memory/2748-6-0x0000000000400000-0x0000000000459000-memory.dmp
Filesize
356KB
-
memory/2748-7-0x0000000000400000-0x0000000000459000-memory.dmp
Filesize
356KB
-
memory/4420-0-0x0000000000BE0000-0x0000000000BE1000-memory.dmp
Filesize
4KB
-
memory/4420-1-0x0000000000BE0000-0x0000000000BE1000-memory.dmp
Filesize
4KB
-
memory/4420-3-0x0000000000BE0000-0x0000000000BE1000-memory.dmp
Filesize
4KB