Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

#^FulL_PcS...up.exe

windows7-x64

7

#^FulL_PcS...up.exe

windows10-2004-x64

10

#^FulL_PcS...up.exe

windows11-21h2-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    #^FulL_PcSetUp_2025_Pas$W0rd$.zip

  • Size

    12.4MB

  • Sample

    240619-ym1vrsygkh

  • MD5

    ab9a433a8dfe29b80efc4dd932561408

  • SHA1

    4fe74323dfea3bf43f8697ba2236fae01a1b6a42

  • SHA256

    5ba092e36081a762824cbeb5871a29124c6fe01cf3f3a9a567aee17162975819

  • SHA512

    0c594685cf690885e31b212db6ff84619785d0b900a48a4a6c48c2ed7713e3cd93b9cf01ff707b10b7d7b4eaf1e68463b0cbb37aa9ae827a772301d432eb75dc

  • SSDEEP

    196608:JXnmByFf97x4qWHMqglxM6k6KPeSOG/x5MAWhVIuPHU+6F/BWdbhxUBLmGoE7+/D:6yFfsqKzgJe1X/KV1UxFJederyL

Score
10/10
lummapersistenceprivilege_escalationstealer

Malware Config

Extracted

Family

lumma

C2

https://acceptconvectiiw.shop/api

https://publicitycharetew.shop/api

https://computerexcudesp.shop/api

https://leafcalfconflcitw.shop/api

https://injurypiggyoewirog.shop/api

https://bargainnygroandjwk.shop/api

https://disappointcredisotw.shop/api

https://doughtdrillyksow.shop/api

https://facilitycoursedw.shop/api

Targets

    • Target

      #^FulL_PcSetUp_2025_Pas$W0rd$/Setup.exe

    • Size

      25.3MB

    • MD5

      30b0026d73559a579790bfcbf420c860

    • SHA1

      3c046bfa0fc9fb4182a73ae644623d3a533799a0

    • SHA256

      5b62a7ad41c986edbb249112793628eb2f2679cfdccf9ae23b3c12cc7baa4c4e

    • SHA512

      315893a856b7230d5d88b923898fc24e3c7e48cdffd2e7a689ef1ff5d94baabc4ab75fbc3824a9cbbd52ff67652a64b8f6f39a2d3fad8a8428f18fbea7e27766

    • SSDEEP

      393216:d9jmwJGRFpRdOupOibnGa3dTYDqAp6tn9cTfCq:bjLibGmTYItnJq

    Score
    10/10
    persistenceprivilege_escalationlummastealer

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

Tasks