Overview

overview

10

Static

static

3

SecuriteIn...90.exe

windows7-x64

10

SecuriteIn...90.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    25/08/2024, 16:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Trojan.InjectNET.17.22463.10190.exe

  • Size

    13KB

  • MD5

    7f6a8b1d6c59590e8adf10eb2941399f

  • SHA1

    211011033999d21b16f30c544bbecf39409a8864

  • SHA256

    8d4f3d42bbc1b0df52d15930475f19fc43c5f622ecc8d9e9ced3473096ebe697

  • SHA512

    f3a0c84751fb9735eb93ed4ef4318c80a320606bb74bb7be4006b2643a6a763d22f11a98a91694bce42cafee72e57885794c558a5be168bf9ec8d2e30b98c3e6

  • SSDEEP

    384:47/1TebgAciVU6c35z1R5Mq32V78QbTf6Q:4T1TeR05xoXbTff

Score
10/10
lummadiscoverystealer

Malware Config

Extracted

Family

lumma

C2

https://miracledzmnqwui.shop/api

https://potentioallykeos.shop/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Downloads MZ/PE file
  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.InjectNET.17.22463.10190.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.InjectNET.17.22463.10190.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2316
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1712

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1712-7-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1712-13-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1712-14-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1712-3-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1712-5-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1712-4-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1712-9-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1712-6-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1712-8-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1712-11-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/2316-1-0x00000000003C0000-0x00000000003CA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2316-0-0x000000007454E000-0x000000007454F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2316-12-0x0000000074540000-0x0000000074C2E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2316-2-0x0000000074540000-0x0000000074C2E000-memory.dmp

    Filesize

    6.9MB

    Download