lumma | 427417924d91dc02a6fd37560db62e8a32ecf0325fae36284b068114dc396254

Analysis

max time kernel
130s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 08:14

Target

427417924d91dc02a6fd37560db62e8a32ecf0325fae36284b068114dc396254_NeikiAnalytics.exe
Size

417KB
MD5

894f13cffc8eb730cfa9101564542d60
SHA1

b54cdbd4cf70d7377e66cf66627b0b5ae59b4ade
SHA256

427417924d91dc02a6fd37560db62e8a32ecf0325fae36284b068114dc396254
SHA512

a80037be6638e923c3f4cc512d01604a2ca925f991f81f00ea2e47c9b636f42c5e16a081a92ef64e0daf50f66fce0a93eac7eb13461f2b8583059c68527712c9
SSDEEP

12288:GoGjz7YONFt7DtygOJEITNLL3CEJwK/nK0ag4bl3M5NJGYQMor1x38o:GoGPUctFyT

Score

10^/10

lumma stealer

Family

lumma

https://piedsiggnycliquieaw.shop/api

https://potterryisiw.shop/api

https://foodypannyjsud.shop/api

https://contintnetksows.shop/api

https://reinforcedirectorywd.shop/api

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma

Loads dropped DLL 1 IoCs

pid	Process
8	427417924d91dc02a6fd37560db62e8a32ecf0325fae36284b068114dc396254_NeikiAnalytics.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 8 set thread context of 3816	8	427417924d91dc02a6fd37560db62e8a32ecf0325fae36284b068114dc396254_NeikiAnalytics.exe	91

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 8 wrote to memory of 3816	8	427417924d91dc02a6fd37560db62e8a32ecf0325fae36284b068114dc396254_NeikiAnalytics.exe	91
PID 8 wrote to memory of 3816	8	427417924d91dc02a6fd37560db62e8a32ecf0325fae36284b068114dc396254_NeikiAnalytics.exe	91
PID 8 wrote to memory of 3816	8	427417924d91dc02a6fd37560db62e8a32ecf0325fae36284b068114dc396254_NeikiAnalytics.exe	91
PID 8 wrote to memory of 3816	8	427417924d91dc02a6fd37560db62e8a32ecf0325fae36284b068114dc396254_NeikiAnalytics.exe	91
PID 8 wrote to memory of 3816	8	427417924d91dc02a6fd37560db62e8a32ecf0325fae36284b068114dc396254_NeikiAnalytics.exe	91
PID 8 wrote to memory of 3816	8	427417924d91dc02a6fd37560db62e8a32ecf0325fae36284b068114dc396254_NeikiAnalytics.exe	91
PID 8 wrote to memory of 3816	8	427417924d91dc02a6fd37560db62e8a32ecf0325fae36284b068114dc396254_NeikiAnalytics.exe	91
PID 8 wrote to memory of 3816	8	427417924d91dc02a6fd37560db62e8a32ecf0325fae36284b068114dc396254_NeikiAnalytics.exe	91
PID 8 wrote to memory of 3816	8	427417924d91dc02a6fd37560db62e8a32ecf0325fae36284b068114dc396254_NeikiAnalytics.exe	91

C:\Users\Admin\AppData\Local\Temp\427417924d91dc02a6fd37560db62e8a32ecf0325fae36284b068114dc396254_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\427417924d91dc02a6fd37560db62e8a32ecf0325fae36284b068114dc396254_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:8
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  PID:3816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=2792,i,1236064252342462940,13180713657498721890,262144 --variations-seed-version --mojo-platform-channel-handle=4256 /prefetch:8
1⤵
PID:1732

C:\Users\Admin\AppData\Roaming\d3d9.dll

Filesize
443KB

MD5
72bcb74d6fb1380c8f574cae9bc81ca1

SHA1
2110bf6b5285eb6d4d5448436ee2e53aa27eff3d

SHA256
9296de0e109032252c8c8d30fff275fc1d39796dfb73701d40f0276ee583de2d

SHA512
ca28fd1cf9f02211457a9b38ae652e08fcd3855adf704207e2fe15108f22a23afa56a655edef00f4497702d61be9a5d54c85c78f89dcb8846275c568c2ed4784

Download Submit
memory/8-0-0x000000007480E000-0x000000007480F000-memory.dmp

Filesize
4KB

Download
memory/8-1-0x0000000000CC0000-0x0000000000D32000-memory.dmp

Filesize
456KB

Download
memory/8-2-0x0000000002EA0000-0x0000000002EA6000-memory.dmp

Filesize
24KB

Download
memory/8-19-0x0000000074800000-0x0000000074FB0000-memory.dmp

Filesize
7.7MB

Download
memory/8-18-0x00000000772A1000-0x00000000773C1000-memory.dmp

Filesize
1.1MB

Download
memory/8-20-0x0000000074800000-0x0000000074FB0000-memory.dmp

Filesize
7.7MB

Download
memory/3816-17-0x00000000004E0000-0x000000000053A000-memory.dmp

Filesize
360KB

Download
memory/3816-13-0x00000000004E0000-0x000000000053A000-memory.dmp

Filesize
360KB

Download
memory/3816-9-0x00000000004E0000-0x000000000053A000-memory.dmp

Filesize
360KB

Download