Overview

overview

7

Static

static

3

Lucifer.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/07/2024, 08:24

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Lucifer.exe

  • Size

    96KB

  • MD5

    e3d41c385bb6d23a1f09257033ccfb33

  • SHA1

    a2ede7bc41adb444e3e3b63e604190d5379d859d

  • SHA256

    cb59ccab7312cee6a0b136bb2ccb847e2e5bf42910db9de1e9570c26e23bfecf

  • SHA512

    5fdfdf13f894a87171a9d40876c9b39155e0ac744e5b375b21216b62a9e219138968804827022ed4a9dff33e6ab19142b74a878ed6e37255475ea7dceed0296c

  • SSDEEP

    1536:j2iaAUlVQAIzhqdxAGgwywvNprF2zOnxDqjYar+8v9DJQlFFB8gRjo3qMyIE:jqli58fVgw9rFxEY7gQzBMqMyIE

Score
7/10
spywarestealer

Malware Config

Signatures

  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious behavior: EnumeratesProcesses 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Lucifer.exe
    "C:\Users\Admin\AppData\Local\Temp\Lucifer.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2704
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:1428

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/2704-0-0x00007FF8CF3B5000-0x00007FF8CF3B6000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2704-1-0x00007FF8CF100000-0x00007FF8CFAA1000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2704-2-0x000000001B7F0000-0x000000001B824000-memory.dmp

            Filesize

            208KB

            Download

          • memory/2704-3-0x000000001B8D0000-0x000000001B976000-memory.dmp

            Filesize

            664KB

            Download

          • memory/2704-5-0x000000001BE50000-0x000000001C31E000-memory.dmp

            Filesize

            4.8MB

            Download

          • memory/2704-4-0x00007FF8CF100000-0x00007FF8CFAA1000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2704-6-0x000000001C420000-0x000000001C4BC000-memory.dmp

            Filesize

            624KB

            Download

          • memory/2704-7-0x000000001B5D0000-0x000000001B5D8000-memory.dmp

            Filesize

            32KB

            Download

          • memory/2704-8-0x000000001C680000-0x000000001C6CC000-memory.dmp

            Filesize

            304KB

            Download

          • memory/2704-9-0x00007FF8CF100000-0x00007FF8CFAA1000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2704-10-0x00007FF8CF100000-0x00007FF8CFAA1000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2704-11-0x000000001DC00000-0x000000001DF0E000-memory.dmp

            Filesize

            3.1MB

            Download

          • memory/2704-12-0x00007FF8CF100000-0x00007FF8CFAA1000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2704-13-0x00007FF8CF100000-0x00007FF8CFAA1000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2704-14-0x00007FF8CF3B5000-0x00007FF8CF3B6000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2704-15-0x00007FF8CF100000-0x00007FF8CFAA1000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2704-16-0x00007FF8CF100000-0x00007FF8CFAA1000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2704-17-0x00007FF8CF100000-0x00007FF8CFAA1000-memory.dmp

            Filesize

            9.6MB

            Download