Analysis
max time kernel: 132s
max time network: 123s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27-05-2024 01:06

Static task: static1
Behavioral task: behavioral1
Sample: 454be1f15b87f6ca55ad6b5438fa262d83dc041e6bd40b6aceca92f9e0936be5.exe
Resource: win7-20240221-en
General
Target: 454be1f15b87f6ca55ad6b5438fa262d83dc041e6bd40b6aceca92f9e0936be5.exe
Size: 8.8MB
MD5: abe4d6f2f3fc583003b70c8c0e24e268
SHA1: 9090db13cf2cb3e8036b2911c0124b6de6d1e3a0
SHA256: 454be1f15b87f6ca55ad6b5438fa262d83dc041e6bd40b6aceca92f9e0936be5
SHA512: 1dac0f0d1642061642f4e945a4bb8caf5b19d631bf6209f89257d439be059df89282962f9a3dd0f44c8859f300d1206c6996cf1b9e8bc63c5ed6e321f207b29a
SSDEEP: 49152:oA1RVfVkJix2rb/TXvO90d7HjmAFd4A64nsfJCzGoi5Upu19lpH5pIm/Y3dNdvns:D2JisGW097Im/Y43uLw7nvE7Qwuiq9
Malware Config
Extracted
lumma
Signatures

Suspicious use of SetThreadContext (1 IoC)
Processes:
description                          pid  process                                                                  target process
PID 228 set thread context of 3548   228  454be1f15b87f6ca55ad6b5438fa262d83dc041e6bd40b6aceca92f9e0936be5.exe    BitLockerToGo.exe

Suspicious use of WriteProcessMemory (5 IoCs)
Processes:
description                          pid  process                                                                  target process
PID 228 wrote to memory of 3548      228  454be1f15b87f6ca55ad6b5438fa262d83dc041e6bd40b6aceca92f9e0936be5.exe    BitLockerToGo.exe
PID 228 wrote to memory of 3548      228  454be1f15b87f6ca55ad6b5438fa262d83dc041e6bd40b6aceca92f9e0936be5.exe    BitLockerToGo.exe
PID 228 wrote to memory of 3548      228  454be1f15b87f6ca55ad6b5438fa262d83dc041e6bd40b6aceca92f9e0936be5.exe    BitLockerToGo.exe
PID 228 wrote to memory of 3548      228  454be1f15b87f6ca55ad6b5438fa262d83dc041e6bd40b6aceca92f9e0936be5.exe    BitLockerToGo.exe
PID 228 wrote to memory of 3548      228  454be1f15b87f6ca55ad6b5438fa262d83dc041e6bd40b6aceca92f9e0936be5.exe    BitLockerToGo.exe
Processes

C:\Users\Admin\AppData\Local\Temp\454be1f15b87f6ca55ad6b5438fa262d83dc041e6bd40b6aceca92f9e0936be5.exe (PID 228)
  command line: "C:\Users\Admin\AppData\Local\Temp\454be1f15b87f6ca55ad6b5438fa262d83dc041e6bd40b6aceca92f9e0936be5.exe"
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory

  C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe (PID 3548, child of PID 228)
    command line: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe