Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26-05-2024 22:13

General

  • Target

    crypted.exe

  • Size

    519KB

  • MD5

    1b1c7e6e96667a6a758b22d444de57a7

  • SHA1

    3eafd122d0814ee5aeb35a9bce975805a8cf6744

  • SHA256

    e03518acef8a2fecee311fac04e11943e8b219815f02224a4ae30d5ecccf0f90

  • SHA512

    2ed665526ec20b8c3d8a6854e25bcf44755e4bfd8f34b3770c3694e4b9cd8b2ad85d130830cb298aa18521f30038ef47e5d93225a5eb14039670f5ef626f91f7

  • SSDEEP

    12288:ar9mi27cWO4AEcI9cCHEAJtv9QXmuP16k:6mfemcCflO1

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://employhabragaomlsp.shop/api

https://museumtespaceorsp.shop/api

https://buttockdecarderwiso.shop/api

https://averageaattractiionsl.shop/api

https://femininiespywageg.shop/api

https://stalfbaclcalorieeis.shop/api

https://civilianurinedtsraov.shop/api

https://roomabolishsnifftwk.shop/api
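
The eight C2 URLs above are the configuration the sandbox extracted from the payload. The following Python is an added example, not code from the report or the sandbox, that turns that list into a hostname index and checks proxy/DNS log lines against it; it matches the bare host, a subdomain of it, and the URL form, and normalizes case, a trailing FQDN dot and a port suffix. The log lines and their key=value layout are constructed for the example.

```python
"""
Check proxy/DNS log lines against the Lumma C2 URLs extracted in the report.
Added example for this page, not code from the report or the sandbox; the log
lines and their key=value layout are constructed.
"""
import re
from urllib.parse import urlsplit

# The eight C2 URLs exactly as the report's "Malware Config" section lists them.
LUMMA_C2_URLS = [
    "https://employhabragaomlsp.shop/api",
    "https://museumtespaceorsp.shop/api",
    "https://buttockdecarderwiso.shop/api",
    "https://averageaattractiionsl.shop/api",
    "https://femininiespywageg.shop/api",
    "https://stalfbaclcalorieeis.shop/api",
    "https://civilianurinedtsraov.shop/api",
    "https://roomabolishsnifftwk.shop/api",
]

# A hostname: two or more dot-separated labels of letters, digits and hyphens.
HOST_RE = re.compile(
    r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
    r"(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)+$", re.I)


def c2_index(urls):
    """Map each lowercased C2 hostname to the full URL it came from."""
    index = {}
    for url in urls:
        host = urlsplit(url).hostname
        if host:
            index[host.lower()] = url
    return index


def normalize_host(token):
    """Reduce one log token to a lowercased hostname, or None.

    Handles key=value tokens, full URLs, a trailing dot (FQDN form as DNS
    logs write it), a :port suffix and surrounding punctuation.
    """
    token = token.strip().strip("\"'[](),;<>")
    if "=" in token and "://" not in token.split("=", 1)[0]:
        token = token.split("=", 1)[1]
    if "://" in token:
        host = urlsplit(token).hostname or ""
    else:
        host = re.sub(r":\d+$", "", token)
    host = host.lower().rstrip(".")
    return host if HOST_RE.match(host) else None


def find_c2_hits(log_lines, urls=LUMMA_C2_URLS):
    """Return (line_no, host, c2_url) for each token naming a C2 host.

    A subdomain of a C2 host (www.<c2>) is reported too: same infrastructure.
    """
    index = c2_index(urls)
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        for token in line.split():
            host = normalize_host(token)
            if host is None:
                continue
            for c2_host, url in index.items():
                if host == c2_host or host.endswith("." + c2_host):
                    hits.append((line_no, host, url))
                    break
    return hits


# Constructed sample lines: a DNS query log, a proxy log and benign noise.
SAMPLE_LOG = [
    "2024-05-26T22:13:41Z dns client=10.0.0.15 query=museumtespaceorsp.shop. type=A",
    "2024-05-26T22:13:42Z proxy client=10.0.0.15 method=POST url=https://museumtespaceorsp.shop/api status=200",
    "2024-05-26T22:13:43Z proxy client=10.0.0.15 method=GET url=https://clients2.google.com/cr/report status=200",
    "2024-05-26T22:13:44Z dns client=10.0.0.15 query=WWW.ROOMABOLISHSNIFFTWK.SHOP type=A",
]

if __name__ == "__main__":
    for line_no, host, url in find_c2_hits(SAMPLE_LOG):
        print(f"line {line_no}: {host} matches C2 {url}")
```

The crash-report URL on the third sample line (clients2.google.com, which the Chrome crashpad handler in the process tree also contacts) is deliberately included so the benign traffic from the same run is not flagged; matching is on exact host or subdomain, not on substrings, so a lookalike such as a domain that merely contains a C2 name is not reported.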

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

  • Suspicious use of SetThreadContext (1 IoC)
  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (26 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\crypted.exe
    "C:\Users\Admin\AppData\Local\Temp\crypted.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4420
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      2⤵
      PID:3260
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2328
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ffffd7aab58,0x7ffffd7aab68,0x7ffffd7aab78
      2⤵
      PID:2236
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=2120,i,18105897509687587238,5540260675841650826,131072 /prefetch:2
      2⤵
      PID:1932
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1904 --field-trial-handle=2120,i,18105897509687587238,5540260675841650826,131072 /prefetch:8
      2⤵
      PID:1536
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2100 --field-trial-handle=2120,i,18105897509687587238,5540260675841650826,131072 /prefetch:8
      2⤵
      PID:4140
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=2120,i,18105897509687587238,5540260675841650826,131072 /prefetch:1
      2⤵
      PID:1236
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=2120,i,18105897509687587238,5540260675841650826,131072 /prefetch:1
      2⤵
      PID:4892
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3800 --field-trial-handle=2120,i,18105897509687587238,5540260675841650826,131072 /prefetch:1
      2⤵
      PID:956
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4268 --field-trial-handle=2120,i,18105897509687587238,5540260675841650826,131072 /prefetch:8
      2⤵
      PID:3208
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4504 --field-trial-handle=2120,i,18105897509687587238,5540260675841650826,131072 /prefetch:8
      2⤵
      PID:1488
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 --field-trial-handle=2120,i,18105897509687587238,5540260675841650826,131072 /prefetch:8
      2⤵
      PID:4708
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4784 --field-trial-handle=2120,i,18105897509687587238,5540260675841650826,131072 /prefetch:8
      2⤵
      PID:4440
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=2120,i,18105897509687587238,5540260675841650826,131072 /prefetch:8
      2⤵
      PID:2756
    • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
      "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
      2⤵
      PID:4732
      • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
        "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff687e2ae48,0x7ff687e2ae58,0x7ff687e2ae68
        3⤵
        PID:4360
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4416 --field-trial-handle=2120,i,18105897509687587238,5540260675841650826,131072 /prefetch:1
      2⤵
      PID:4808
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    PID:1484

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

    Filesize

    206KB

    MD5

    f998b8f6765b4c57936ada0bb2eb4a5a

    SHA1

    13fb29dc0968838653b8414a125c124023c001df

    SHA256

    374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

    SHA512

    d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

    Filesize

    168B

    MD5

    bddef71c725d5000f70d59a2e3e28bf7

    SHA1

    ea109986732a6f7798e13aee8e874aa0929f97bd

    SHA256

    718c177830e40f577476f9e609b0c8827a8f2f923775c3499fa1dd36f575360d

    SHA512

    6b292e270d9f42b407c6aba323fa8979f21031332a55efcbf3be65b6c701823fc4e27ba23df146fd5735d7fa8871ed9f21b075ea87bb326c73d49a030d0416c5

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

    Filesize

    356B

    MD5

    ad2720f89564c9f44b87b364c8daec36

    SHA1

    4054119598707cfd0b932e498ee27afa88489dcf

    SHA256

    4ff340b7523986d0f42228f7db7ed5315e1ae4fad86524cf6d1acf3f43099375

    SHA512

    e126846bf5080808d88e2e75f537648dc11261f3f71ebad83c6acece703f11f9196b4a65509e51214d35a6fd6f9bba16064f2c1e612294bbb54164112b5d3702

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\d18d94f3-ebe1-4f29-a75c-1385ee0d0ff6.tmp

    Filesize

    2B

    MD5

    d751713988987e9331980363e24189ce

    SHA1

    97d170e1550eee4afc0af065b78cda302a97674c

    SHA256

    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

    SHA512

    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Filesize

    7KB

    MD5

    064ab32d9370dea1f3a0e26da1a07a7f

    SHA1

    97103a848a66881a36b5515f5755876c7d9fb6f9

    SHA256

    20cbbfd231d7ecdcc737a6dce64b111ec20c28a05e6e42d1698063c4912e8706

    SHA512

    69f5a0c141bd4696ecd2b848d0d9dbd4e4223159da80148efc055b2ef7d753238de945fef979eb73a3da151c5788dafa5439d1282315c5190663507da9c78f9a

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Filesize

    7KB

    MD5

    c73176ce00b7252a5b9c5324a4582d98

    SHA1

    419444a28522eb25b9176e0518be847030c36a9c

    SHA256

    82d88b383609d7a31c2639f13f309eda28fcbc8caf18e4f3856556d1db2b5075

    SHA512

    920054948bddfbecf93071aa03117dea4fc06af521532ae96181ccee8fd6786fdf68fc53dc01f9b7af67eb666478049c12ec2fb9e07dbe39033dbece4759955c

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Filesize

    7KB

    MD5

    229dbedb61d4746faca1e0257f8877ef

    SHA1

    70068e8aad26442b865f4eb7d4ccd2f97ee36d3c

    SHA256

    7e1511f1bc39b4101a7be1fe464eba00d941f1372974b1526ae746634f242b3e

    SHA512

    e28884e4bd53ec6015051f76ce75ffd55d9f4d80b8ca087323108779f1754c1497819e03aa6438b1150b03c370db34b10339a85ee196d95ba33c66023ef68e01

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

    Filesize

    16KB

    MD5

    8ef993322775511243ae1f7fdc28c677

    SHA1

    9cc02b6161d0bc73a5bcdb28f7c1e0e75c085912

    SHA256

    15aafe369a35a12fbe5c6775212a678ac741808bad44ffceb54d118d6d6f0aa7

    SHA512

    423e0894944402d5adbe3289c3a88bdaaf121d11348f6acb609091bfbf3bfcfed371e21b2d1e2296d9384d8d401238e51730d6dcebe6dee81aa17c31f9ace747

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

    Filesize

    260KB

    MD5

    2771349e611aefdf0d448bea81ea101d

    SHA1

    de0fd55fba8df3e682fdef2ed5038fa936eb8e2b

    SHA256

    3af4104039a849f3e04983ec25ceea6aa537404155e9a1fc44b98e1f276f8c2f

    SHA512

    bcc3de4612da51553751717d0072fb55081ac171de1ccf9305397f14d89199357bbde8260575459c342f0770377406068b19617acb1d7f551cc0f274286f3c92

  • \??\pipe\crashpad_2328_XLLTXUGLJLMBAFLN

    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • memory/3260-6-0x0000000000400000-0x0000000000455000-memory.dmp

    Filesize

    340KB

  • memory/3260-5-0x0000000000400000-0x0000000000455000-memory.dmp

    Filesize

    340KB

  • memory/3260-4-0x0000000000400000-0x0000000000455000-memory.dmp

    Filesize

    340KB

  • memory/3260-1-0x0000000000400000-0x0000000000455000-memory.dmp

    Filesize

    340KB

  • memory/4420-0-0x0000000000660000-0x0000000000661000-memory.dmp

    Filesize

    4KB

  • memory/4420-2-0x0000000000660000-0x0000000000661000-memory.dmp

    Filesize

    4KB
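
Reading the process tree and the dump list together: crypted.exe (PID 4420, running from %TEMP%) starts RegAsm.exe (PID 3260) with an empty command line and is itself tagged for SetThreadContext and WriteProcessMemory, the pair of calls that process hollowing relies on; every dump taken from PID 3260 covers 0x400000 to 0x455000, which is 0x55000 bytes, the 340KB the report lists, and 0x400000 is the default image base of a 32-bit PE (the Framework, not Framework64, RegAsm was used). chrome.exe, setup.exe and elevation_service.exe carry the depth-1 marker, so they are separate root processes in this run rather than children of the sample, and the Downloads entries are Chrome profile and cache files; the crashpad pipe entry carries the hashes of empty input. The Python below is an added example, not the sandbox's code, that flags that parent/child pattern in process-creation events and decodes the dump names; the events, the list of .NET host binaries and the user-writable directory list are constructed assumptions.

```python
"""
Triage helpers for the process tree and memory dumps in the report above.

find_hollowing_candidates(): over Sysmon-style process-creation events, flag
a signed .NET utility (RegAsm.exe in this run) started with no arguments by a
parent that runs from a user-writable directory. The API-level evidence the
sandbox saw (SetThreadContext/WriteProcessMemory on the child) is not in
creation logs, so a hit is a lead to confirm, not a verdict.

parse_dump_name(): decode "memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp"
so the region size can be compared with the listed Filesize.

Added example for this page; the events and lists below are constructed.
"""
import re
from dataclasses import dataclass

# Signed .NET Framework binaries frequently used as hollowing hosts
# (assumption: a starting list, extend for your environment).
DOTNET_HOSTS = {"regasm.exe", "regsvcs.exe", "installutil.exe",
                "msbuild.exe", "aspnet_compiler.exe", "csc.exe", "vbc.exe"}

# Parent directories a legitimate caller of these tools rarely lives in.
USER_WRITABLE_DIRS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
                      "\\users\\public\\", "\\programdata\\", "\\downloads\\")


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full path of the created process
    cmdline: str    # command line as logged


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def has_arguments(cmdline):
    """True if anything follows the (possibly quoted) image path."""
    s = cmdline.strip()
    if s.startswith('"'):
        closing = s.find('"', 1)
        rest = s[closing + 1:] if closing != -1 else ""
    else:
        rest = s.split(" ", 1)[1] if " " in s else ""
    return bool(rest.strip())


def find_hollowing_candidates(events):
    """Return [(child_pid, child_name, parent_pid, reasons)] for suspicious
    .NET host launches. Both reasons must hold to keep noise down."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        if basename(e.image) not in DOTNET_HOSTS:
            continue
        parent = by_pid.get(e.ppid)
        if parent is None:
            continue
        reasons = []
        if not has_arguments(e.cmdline):
            reasons.append("empty command line")
        if any(d in parent.image.lower() for d in USER_WRITABLE_DIRS):
            reasons.append("parent in user-writable directory")
        if len(reasons) == 2:
            findings.append((e.pid, basename(e.image), parent.pid, reasons))
    return findings


DUMP_RE = re.compile(
    r"^memory/(\d+)-(\d+)-0x([0-9a-f]+)-0x([0-9a-f]+)-memory\.dmp$", re.I)


def parse_dump_name(name):
    """-> (pid, sequence, start, end, size_bytes) from a report dump name."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError("not a sandbox dump name: %s" % name)
    pid, seq = int(m.group(1)), int(m.group(2))
    start, end = int(m.group(3), 16), int(m.group(4), 16)
    return pid, seq, start, end, end - start


# Constructed events mirroring the report's tree plus one benign RegAsm call.
SAMPLE_EVENTS = [
    ProcEvent(4420, 1000, r"C:\Users\Admin\AppData\Local\Temp\crypted.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\crypted.exe"'),
    ProcEvent(3260, 4420, r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe",
              r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"'),
    ProcEvent(5001, 1000, r"C:\Program Files\Vendor\setup.exe",
              r'"C:\Program Files\Vendor\setup.exe" /install'),
    ProcEvent(5002, 5001, r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe",
              r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" /codebase "C:\Program Files\Vendor\lib.dll"'),
]

if __name__ == "__main__":
    for pid, name, ppid, why in find_hollowing_candidates(SAMPLE_EVENTS):
        print(f"PID {pid} {name} (parent {ppid}): {', '.join(why)}")
    pid, _, start, end, size = parse_dump_name(
        "memory/3260-6-0x0000000000400000-0x0000000000455000-memory.dmp")
    print(f"PID {pid}: 0x{start:x}-0x{end:x} = {size // 1024} KB")
```

The benign control event (a vendor installer in Program Files calling RegAsm with /codebase) is there to show why both conditions are required: RegAsm launched with real arguments by a parent in a protected directory is normal software installation, while the empty-command-line launch from %TEMP% is the shape this report records. When a candidate fires, the thing to pull next is the child's memory at the image base the dumps point to, since that region, not RegAsm's own code, is what carries the payload.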