lumma | bb265476a6c725d9781bc778c83db6a9b0424d57003a0ff261b70f746bc7d42e

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 18:35

Target

setup_Github.exe
Size

648KB
MD5

21d17308d5c2df371b255ea3075f4644
SHA1

f2e6012493b3b6b70eb2ac21a69db04d3e6cf50d
SHA256

bb265476a6c725d9781bc778c83db6a9b0424d57003a0ff261b70f746bc7d42e
SHA512

38ca5cb6d04db9752629d3e46f72a9a2266cd4c403c86fd49862df9ea55488fa46bc7c7af8e29237804ef3bc4ba484b79fb586855cde940da1d567a185027b71
SSDEEP

12288:Ccwv+96KlFsXHr6vViU/LdlpSL+kNgzXar8U+9veXMRM7Odne3aPdC1zhS9f6Lwr:S+cZXr6AELdHkNFLc

Score

10^/10

lumma stealer

Family

lumma

https://reinforcedirectorywd.shop/api

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma

Loads dropped DLL 1 IoCs

pid	Process
3432	setup_Github.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3432 set thread context of 4252	3432	setup_Github.exe	86

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3160	4252	WerFault.exe	86
1140	4252	WerFault.exe	86

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3432 wrote to memory of 4252	3432	setup_Github.exe	86
PID 3432 wrote to memory of 4252	3432	setup_Github.exe	86
PID 3432 wrote to memory of 4252	3432	setup_Github.exe	86
PID 3432 wrote to memory of 4252	3432	setup_Github.exe	86
PID 3432 wrote to memory of 4252	3432	setup_Github.exe	86
PID 3432 wrote to memory of 4252	3432	setup_Github.exe	86
PID 3432 wrote to memory of 4252	3432	setup_Github.exe	86
PID 3432 wrote to memory of 4252	3432	setup_Github.exe	86
PID 3432 wrote to memory of 4252	3432	setup_Github.exe	86

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4252 -ip 4252
1⤵
PID:3940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4252 -ip 4252
1⤵
PID:3960

C:\Users\Admin\AppData\Roaming\d3d9.dll

Filesize
467KB

MD5
433f9caa7edc11203b42ab34b0e3d663

SHA1
5f50d5fc0e36fd1a6de32ac1e84f1090fd4a6ee9

SHA256
fa53734ff1da7285e08d49714a233c330a1ac61053a16f7a8be508c9bd37b212

SHA512
9b8e5021d4e3a03b431bc9b973aca33384d728cd955f42a75ed03a03e2c4c9f6ead5f877d640f6a0cf72c19cc4c3fe63c5da17b93b558340ebc599c63319c5ad

Download Submit
memory/3432-0-0x000000007483E000-0x000000007483F000-memory.dmp

Filesize
4KB

Download
memory/3432-1-0x0000000000240000-0x00000000002E8000-memory.dmp

Filesize
672KB

Download
memory/3432-2-0x0000000000A50000-0x0000000000A56000-memory.dmp

Filesize
24KB

Download
memory/3432-18-0x0000000074830000-0x0000000074FE0000-memory.dmp

Filesize
7.7MB

Download
memory/3432-19-0x0000000074830000-0x0000000074FE0000-memory.dmp

Filesize
7.7MB

Download
memory/4252-13-0x0000000000360000-0x00000000003B5000-memory.dmp

Filesize
340KB

Download
memory/4252-9-0x0000000000360000-0x00000000003B5000-memory.dmp

Filesize
340KB

Download
memory/4252-17-0x0000000000360000-0x00000000003B5000-memory.dmp

Filesize
340KB

Download