Analysis
max time kernel: 41s
max time network: 47s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11-07-2024 03:56

Static task: static1
Behavioral task: behavioral1
Sample: 4502d00753405a4dda90486c8ba9a373fb9f08eef7bfc8a5cce63c2219a115fd.exe
Resource: win7-20240708-en
General
Target: 4502d00753405a4dda90486c8ba9a373fb9f08eef7bfc8a5cce63c2219a115fd.exe
Size: 530KB
MD5: f86ed3870e7bdff3fbf304b69cff14a3
SHA1: 96b60aa50afb2efedb87d4d344a052e85215941d
SHA256: 4502d00753405a4dda90486c8ba9a373fb9f08eef7bfc8a5cce63c2219a115fd
SHA512: e9c1352d954dbc90cc9ad082acd2d6148580c6c97c339d0c9adc2ce34ca84c44b1b1c6c9a3f81af570615423227f9ca3d8938d1a3ec24ce8c39095abf5e51168
SSDEEP: 12288:/RyWcpG0Sv9+XyyqxhzjnSnWfSkOOEwMErCjRq3rR:/+pG06AuhYGdo07
Malware Config
Extracted family: lumma
C2 URLs:
https://demandlinzei.shop/api
https://applyzxcksdia.shop/api
https://replacedoxcjzp.shop/api
https://declaredczxi.shop/api
https://catchddkxozvp.shop/api
https://arriveoxpzxo.shop/api
https://contemplateodszsv.shop/api
https://bindceasdiwozx.shop/api
https://conformfucdioz.shop/api
https://reinforcedirectorywd.shop/api
Signatures

Suspicious use of SetThreadContext (1 IoC)
Processes:
description                              pid   Process                                                                   procid_target
PID 2040 set thread context of 4500      2040  4502d00753405a4dda90486c8ba9a373fb9f08eef7bfc8a5cce63c2219a115fd.exe     86

Suspicious use of WriteProcessMemory (9 IoCs)
Processes (9 identical events):
description                              pid   Process                                                                   procid_target
PID 2040 wrote to memory of 4500 (x9)    2040  4502d00753405a4dda90486c8ba9a373fb9f08eef7bfc8a5cce63c2219a115fd.exe     86
Processes

1. C:\Users\Admin\AppData\Local\Temp\4502d00753405a4dda90486c8ba9a373fb9f08eef7bfc8a5cce63c2219a115fd.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\4502d00753405a4dda90486c8ba9a373fb9f08eef7bfc8a5cce63c2219a115fd.exe"
   PID: 2040
   - Suspicious use of SetThreadContext
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      PID: 4500
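The signatures and process tree above describe a parent (PID 2040) that spawns the signed .NET utility RegAsm.exe with no arguments (PID 4500), writes into it nine times and then changes one of its thread contexts: the sequence of process hollowing, where the payload runs under a trusted image name. The Python below is an added example, not part of this report or of any sandbox's code, that parses such event lines and a process tree into an injection verdict and pulls hostnames out of the extracted config for blocking or DNS hunting. The event lines and tree are constructed from this report; HOLLOW_HOSTS is an assumed watchlist of utilities commonly abused as hollowing hosts, not something the report states.

```python
"""Correlate sandbox SetThreadContext / WriteProcessMemory events with the
process tree to flag process hollowing, and list C2 hosts from the config.
Added example; event lines and tree are constructed from the report above."""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from urllib.parse import urlsplit

SAMPLE = "4502d00753405a4dda90486c8ba9a373fb9f08eef7bfc8a5cce63c2219a115fd.exe"

# Constructed from the Signatures section: one SetThreadContext and nine
# WriteProcessMemory events from PID 2040 into PID 4500 (procid_target 86).
SIGNATURE_EVENTS = [f"PID 2040 set thread context of 4500 2040 {SAMPLE} 86"] + \
    [f"PID 2040 wrote to memory of 4500 2040 {SAMPLE} 86"] * 9

# Constructed from the Processes section: (pid, parent pid, image path, arguments).
PROCESS_TREE = [
    (2040, None, "C:\\Users\\Admin\\AppData\\Local\\Temp\\" + SAMPLE, ""),
    (4500, 2040, "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe", ""),
]

# Assumed watchlist (not from the report): signed .NET utilities that do
# nothing useful when started without arguments and are popular hollowing hosts.
HOLLOW_HOSTS = {"regasm.exe", "regsvcs.exe", "msbuild.exe", "installutil.exe", "applaunch.exe"}

# Shape of the report's event rows: "PID <src> <verb> <dst> <src> <image> <procid_target>".
EVENT_RE = re.compile(
    r"PID (?P<src>\d+) (?P<verb>set thread context of|wrote to memory of) "
    r"(?P<dst>\d+) \d+ (?P<image>\S+) (?P<procid_target>\d+)"
)

@dataclass
class Injection:
    source_pid: int
    target_pid: int
    target_image: str
    write_count: int
    reasons: list = field(default_factory=list)

def parse_events(lines):
    """Return {(src_pid, dst_pid): {"ctx": n, "write": n}} from report event lines."""
    pairs = defaultdict(lambda: {"ctx": 0, "write": 0})
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        key = (int(m["src"]), int(m["dst"]))
        pairs[key]["ctx" if m["verb"].startswith("set thread") else "write"] += 1
    return pairs

def detect_injection(event_lines, tree):
    """Flag (source, target) pairs whose events look like process hollowing."""
    procs = {pid: (ppid, image, args) for pid, ppid, image, args in tree}
    verdicts = []
    for (src, dst), counts in parse_events(event_lines).items():
        # Writes alone or a context change alone are weaker evidence; require both,
        # and ignore a process touching itself.
        if src == dst or counts["ctx"] == 0 or counts["write"] == 0:
            continue
        ppid, image, args = procs.get(dst, (None, "", ""))
        reasons = [f"SetThreadContext x{counts['ctx']} and WriteProcessMemory "
                   f"x{counts['write']} into PID {dst}"]
        if ppid == src:
            reasons.append("target was spawned by the writer (create-suspended hollowing)")
        base = image.rsplit("\\", 1)[-1].lower()
        if base in HOLLOW_HOSTS:
            reasons.append(f"target {base} is a signed .NET utility on the hollowing watchlist")
            if args.strip() == "":
                reasons.append("launched with no arguments, which has no legitimate purpose")
        verdicts.append(Injection(src, dst, image, counts["write"], reasons))
    return verdicts

# Copied from the Malware Config section of the report.
LUMMA_C2 = [
    "https://demandlinzei.shop/api", "https://applyzxcksdia.shop/api",
    "https://replacedoxcjzp.shop/api", "https://declaredczxi.shop/api",
    "https://catchddkxozvp.shop/api", "https://arriveoxpzxo.shop/api",
    "https://contemplateodszsv.shop/api", "https://bindceasdiwozx.shop/api",
    "https://conformfucdioz.shop/api", "https://reinforcedirectorywd.shop/api",
]

def c2_hosts(urls):
    """Unique hostnames from the extracted config, sorted for a blocklist."""
    return sorted({urlsplit(u).hostname for u in urls})

if __name__ == "__main__":
    for v in detect_injection(SIGNATURE_EVENTS, PROCESS_TREE):
        print(f"[!] PID {v.source_pid} -> PID {v.target_pid} ({v.target_image})")
        for r in v.reasons:
            print("    -", r)
    print("C2 hosts:", ", ".join(c2_hosts(LUMMA_C2)))
```

The verdict is built from correlation rather than from either API alone: legitimate debuggers and some installers call SetThreadContext or WriteProcessMemory on processes they own, but a parent that creates a .NET utility with an empty command line, writes into it repeatedly and then redirects a thread is the hollowing pattern worth an alert. On a live host the same logic applies to ETW or EDR process-access telemetry; the report's event rows are just the offline stand-in here.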