Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Installer/...er.exe

windows7-x64

7

Installer/...er.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    36s
  • max time network
    13s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/07/2024, 18:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Installer/Installer.exe

  • Size

    627KB

  • MD5

    fb34d2867b0e9b76b7397308d06a1f99

  • SHA1

    8f78602c6f94e37d411e2d93f609fc4d83fc6e7c

  • SHA256

    3552f5481c4c102368def25f8836b823ff99f709637c1f4c2df05006d7bbe68e

  • SHA512

    d3f99a78b93dba8d60f1ec2e5b60038a24ed9dccf9cf212e2d7e54cdcf5a240be418443efe7d6b6fe5550ff351bfc60076f6422c3f6746ffb0992c440ec2df1a

  • SSDEEP

    12288:xSjzAHddkL4iiO2xqC+JuQDZMRRG5DUvYEOhIwC59VETELZ5rW2steZxSAQMirjE:xSjzA9dBD2I

Score
10/10
lummaspywarestealer

Malware Config

Extracted

Family

lumma

C2

https://stationacutwo.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Loads dropped DLL 1 IoCs
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Installer\Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\Installer\Installer.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4592
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4332
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:2672

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\d3d9.dll
      Filesize

      442KB

      MD5

      036ad99c0cd556d3c78370d54d9d5cb8

      SHA1

      917cabadff79e6b3ae9fccceb4255c72dce545c2

      SHA256

      219c10326c4a2b864645ceb28f79dfb09b609123a7da18c0798f5bac051063f9

      SHA512

      7593c832147d3bc7c6ebc4efd625370bdfcb9e1ff7dc45ae9ba91107c79c19ff6f75129583077a6bc30fb52f35f3c9ec5b1c16bed4436e6dd62060ca8cace531

      Download Submit

    • memory/4332-12-0x0000000000400000-0x0000000000457000-memory.dmp

      Filesize

      348KB

      Download

    • memory/4332-10-0x0000000000400000-0x0000000000457000-memory.dmp

      Filesize

      348KB

      Download

    • memory/4332-16-0x0000000000400000-0x0000000000457000-memory.dmp

      Filesize

      348KB

      Download

    • memory/4332-17-0x0000000000400000-0x0000000000457000-memory.dmp

      Filesize

      348KB

      Download

    • memory/4592-0-0x00000000749FE000-0x00000000749FF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4592-1-0x0000000000170000-0x0000000000216000-memory.dmp

      Filesize

      664KB

      Download

    • memory/4592-2-0x00000000024C0000-0x00000000024C6000-memory.dmp

      Filesize

      24KB

      Download

    • memory/4592-8-0x00000000749F0000-0x00000000751A0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4592-15-0x00000000749F0000-0x00000000751A0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4592-14-0x00000000749F0000-0x00000000751A0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4592-18-0x00000000749F0000-0x00000000751A0000-memory.dmp

      Filesize

      7.7MB

      Download