Analysis Overview
SHA256
cced1a3811e37720251db4e3d5836ea94da430682863ca61b2ff9940b7d56965
Threat Level: Known bad
The file 2.exe was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Unsigned PE
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-07-09 10:32
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-09 10:32
Reported
2024-07-09 10:34
Platform
win7-20240705-en
Max time kernel
15s
Max time network
22s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\2.exe
"C:\Users\Admin\AppData\Local\Temp\2.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-09 10:32
Reported
2024-07-09 10:34
Platform
win10-20240404-en
Max time kernel
14s
Max time network
19s
Command Line
Signatures
Lumma Stealer
Processes
C:\Users\Admin\AppData\Local\Temp\2.exe
"C:\Users\Admin\AppData\Local\Temp\2.exe"
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-07-09 10:32
Reported
2024-07-09 10:34
Platform
win10v2004-20240708-en
Max time kernel
62s
Max time network
65s
Command Line
Signatures
Lumma Stealer
Processes
C:\Users\Admin\AppData\Local\Temp\2.exe
"C:\Users\Admin\AppData\Local\Temp\2.exe"
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-07-09 10:32
Reported
2024-07-09 10:34
Platform
win11-20240704-en
Max time kernel
7s
Max time network
15s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\2.exe
"C:\Users\Admin\AppData\Local\Temp\2.exe"
Network