lumma | 8c09b0520cd0a587ccdab5f16b202ef013d9bf3b4fc7653b5afdf480417d33f1

Analysis

max time kernel
131s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 13:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

5.8MB
MD5

c34e8f27e5e41acc13f476298be901f5
SHA1

1857dfcf2bbb4e91fed3595395cc6ea1b6e5e425
SHA256

8c09b0520cd0a587ccdab5f16b202ef013d9bf3b4fc7653b5afdf480417d33f1
SHA512

ccc416d96d36b792c59bdfd23c5e2e3b2c08c3498e43af7e0e5b873e0828c23fb30c1f21428fb8f984df99255d232e718422ce95acc8bba888da082f465c6709
SSDEEP

98304:vsMDHDRm8rcgEqQQ5izvWtb2ZaQ9kclxrg/bYzO6TEYJYEHjHO:RHDRLrcgEq55izvWtDaxbBOLYJYmu

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

https://prettilikeopwp.shop/api

https://potterryisiw.shop/api

https://foodypannyjsud.shop/api

https://contintnetksows.shop/api

https://reinforcedirectorywd.shop/api

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4276 set thread context of 2260	4276	Setup.exe	88

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4276	Setup.exe
4276	Setup.exe
2260	more.com
2260	more.com

Suspicious behavior: MapViewOfSection 2 IoCs

pid	Process
4276	Setup.exe
2260	more.com

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4276 wrote to memory of 2260	4276	Setup.exe	88
PID 4276 wrote to memory of 2260	4276	Setup.exe	88
PID 4276 wrote to memory of 2260	4276	Setup.exe	88
PID 4276 wrote to memory of 2260	4276	Setup.exe	88
PID 2260 wrote to memory of 4380	2260	more.com	98
PID 2260 wrote to memory of 4380	2260	more.com	98
PID 2260 wrote to memory of 4380	2260	more.com	98
PID 2260 wrote to memory of 4380	2260	more.com	98

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:4276
- C:\Windows\SysWOW64\more.com
  C:\Windows\SysWOW64\more.com
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
  PID:2260
- - C:\Windows\SysWOW64\SearchIndexer.exe
    C:\Windows\SysWOW64\SearchIndexer.exe
    3⤵
    PID:4380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4280,i,2607710392823067546,4648797561512801463,262144 --variations-seed-version --mojo-platform-channel-handle=2860 /prefetch:8
1⤵
PID:844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7748f7d0

Filesize
1.2MB

MD5
d85456bc93bc20de97041fb8f7f79247

SHA1
d155e82d273925a86ef370c9f3fda0a0cb1112ef

SHA256
9046bbd0bcb00410590ff77db0766c8c26f26afa4eb6431b4fb7d5e5aa8d00bf

SHA512
c6ca930fe9f95058c05ec1c2852645c4c2c967e9423bb058633503541e09bd59bdd42b8eb4a1c11892adf73e2774ce11e90303b01f1f31798d56e5ae23f9de7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7a98c61b

Filesize
1016KB

MD5
bc259af6a074f0dc1421a82983cba7dc

SHA1
b3dd3b558fa68857f86a44134fb8048dd80a80fc

SHA256
dca6a4e962eec78c1b7c14a30b6b2730773a0c669681e56df7b6abff60a778cf

SHA512
2cd434b4bc20de8fc1fd00c1c7a9834e7a975f45d68d2bef0538047691b9c2f3cba590cd1e5e69b50b9e6ca8ce6e882efb058c069b8baa91e6badd0e3938f616

Download Submit
memory/2260-18-0x0000000074560000-0x00000000745B2000-memory.dmp

Filesize
328KB

Download
memory/2260-12-0x0000000074560000-0x00000000745B2000-memory.dmp

Filesize
328KB

Download
memory/2260-16-0x0000000074560000-0x00000000745B2000-memory.dmp

Filesize
328KB

Download
memory/2260-15-0x0000000074560000-0x00000000745B2000-memory.dmp

Filesize
328KB

Download
memory/2260-14-0x00007FFF1EE30000-0x00007FFF1F025000-memory.dmp

Filesize
2.0MB

Download
memory/4276-10-0x0000000074560000-0x00000000745B2000-memory.dmp

Filesize
328KB

Download
memory/4276-6-0x0000000074560000-0x00000000745B2000-memory.dmp

Filesize
328KB

Download
memory/4276-7-0x00007FFF1EE30000-0x00007FFF1F025000-memory.dmp

Filesize
2.0MB

Download
memory/4276-8-0x0000000074572000-0x0000000074574000-memory.dmp

Filesize
8KB

Download
memory/4276-9-0x0000000074560000-0x00000000745B2000-memory.dmp

Filesize
328KB

Download
memory/4276-0-0x0000000000480000-0x0000000000A5B000-memory.dmp

Filesize
5.9MB

Download
memory/4380-19-0x00007FFF1EE30000-0x00007FFF1F025000-memory.dmp

Filesize
2.0MB

Download
memory/4380-20-0x0000000000AE0000-0x0000000000B3A000-memory.dmp

Filesize
360KB

Download
memory/4380-21-0x0000000000AE0000-0x0000000000B3A000-memory.dmp

Filesize
360KB

Download
memory/4380-22-0x0000000000D1B000-0x0000000000D22000-memory.dmp

Filesize
28KB

Download