Analysis
- max time kernel: 1370s
- max time network: 1153s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-05-2024 09:27
Static task
static1
1 signatures
General
- Target: MeltLaunchеr.exe
- Size: 350KB
- MD5: b109aa9603e00150bc63d52e7a57d375
- SHA1: 7aeca5f397c98242f6726f0e7a79127daf7f0d58
- SHA256: 8158a96438c4c741bae0453392f1c93bc14cf4138222c3c57a30e15f36c32bc6
- SHA512: f83c8452d514025a415646fafde373fa4a138b7d12c91d94181e5462ba365a6b6d2325bd3c1280c04b3b705ccda46731f4c1457af2e09ca0ceb4a9648ff60486
- SSDEEP: 6144:8bvqT/2F/shsIL2Ts4+q9GdpUkb6o8Rv226RQpvtBLasR:ey6dshsILas4+q9GdpUkwv7QKnas
Malware Config
Extracted
- Family: lumma
- C2: https://sessionannoucemenwj.shop/api
Signatures
- Suspicious use of SetThreadContext (1 IoCs)
Processes: MeltLaunchеr.exe
description | pid | process | target process
PID 740 set thread context of 4692 | 740 | MeltLaunchеr.exe | RegAsm.exe
- Suspicious use of WriteProcessMemory (9 IoCs)
Processes: MeltLaunchеr.exe
description | pid | process | target process
PID 740 wrote to memory of 4692 | 740 | MeltLaunchеr.exe | RegAsm.exe
PID 740 wrote to memory of 4692 | 740 | MeltLaunchеr.exe | RegAsm.exe
PID 740 wrote to memory of 4692 | 740 | MeltLaunchеr.exe | RegAsm.exe
PID 740 wrote to memory of 4692 | 740 | MeltLaunchеr.exe | RegAsm.exe
PID 740 wrote to memory of 4692 | 740 | MeltLaunchеr.exe | RegAsm.exe
PID 740 wrote to memory of 4692 | 740 | MeltLaunchеr.exe | RegAsm.exe
PID 740 wrote to memory of 4692 | 740 | MeltLaunchеr.exe | RegAsm.exe
PID 740 wrote to memory of 4692 | 740 | MeltLaunchеr.exe | RegAsm.exe
PID 740 wrote to memory of 4692 | 740 | MeltLaunchеr.exe | RegAsm.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\MeltLaunchеr.exe
  "C:\Users\Admin\AppData\Local\Temp\MeltLaunchеr.exe"
  PID: 740
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
    PID: 4692