Overview

overview

10

Static

static

1

Setup.exe

windows7-x64

10

Setup.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    23/08/2024, 23:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup.exe

  • Size

    277KB

  • MD5

    4e86daaa61c7d8709cc696921f8b98e9

  • SHA1

    0b17183cd1b0c883398ab435a95de12fe51a512e

  • SHA256

    23cfec6448915ea72e1641a9c36fa44cffc5accd8c731cc4ebb600a0ca643dbf

  • SHA512

    ad5cfe045b0f9a800c23236a30614aa7af3b619e7b1ef782f46ff947c963bb4362bbc7b9fdb714b3f351de40815e335175439cda01e718713c61ce55f3ca90d5

  • SSDEEP

    6144:mzgv9Yiq0Si+Jfwwhllf8BGLfTEgaq7+qlApkBuJtB7cEO:lWt0Si+VwYllf8BGrTnaOMQAB7cEO

Score
10/10
lummadiscoverystealer

Malware Config

Extracted

Family

lumma

C2

https://torubleeodsmzo.shop/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2776
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2720

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2720-12-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/2720-3-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/2720-10-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/2720-14-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/2720-8-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2720-4-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/2720-7-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/2720-6-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/2720-5-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/2720-15-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/2776-1-0x0000000000B90000-0x0000000000BDA000-memory.dmp

    Filesize

    296KB

    Download

  • memory/2776-13-0x0000000073BE0000-0x00000000742CE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2776-0-0x0000000073BEE000-0x0000000073BEF000-memory.dmp

    Filesize

    4KB

    Download