Overview

overview

10

Static

static

3

maizu hack v1.4.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    52s
  • max time network
    35s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-09-2024 00:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    maizu hack v1.4.exe

  • Size

    371KB

  • MD5

    fc6ed27afb9b144d83345bb2eeae71fb

  • SHA1

    c4006aaec2a35e99e2de142a648ce2d1a5ab6bba

  • SHA256

    8bc05ee541fe13d778bd96a0211f7a52926a787b902fdd735e6d1d351fcb529e

  • SHA512

    dd5c921ce17d178989a4ac53d58e98ef13274d6b9d8dc4a7648014793eb336d35f8fb73f3d27175cdda941447b05b60185f39ba976f07a07a612081b7b21f422

  • SSDEEP

    6144:BD6u6keR5eHb/nOe6yB2SFJF5FMEWbq+BZHRTGiJEh3A1P1KcBYAetZdjDMPlGk+:56ieRE7/OkFJ5WRv0lhQBqA2dsPlvTct

Score
10/10
lummadiscoverystealer

Malware Config

Extracted

Family

lumma

C2

https://candidaiteopwm.shop/api

https://preachstrwnwjw.shop/api

https://complainnykso.shop/api

https://basedsymsotp.shop/api

https://charistmatwio.shop/api

https://grassemenwji.shop/api

https://ignoracndwko.shop/api

https://stitchmiscpaew.shop/api

https://commisionipwn.shop/api

https://tenntysjuxmz.shop/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 25 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\maizu hack v1.4.exe
    "C:\Users\Admin\AppData\Local\Temp\maizu hack v1.4.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:940
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1428
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4504

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\msvcp110.dll
    Filesize

    574KB

    MD5

    e668d4ddd13f06a592a4342d309a6a43

    SHA1

    539883de34b109853faea561a9d1d477355ffb91

    SHA256

    2b3100bd567a5bac61c55ffe007d7de5f03dc64beb4ded0061d8ff6ade6a8fe3

    SHA512

    b469e6c38f277d6017ee3a54d62542520150fe52b38addf8dab6bbe27b9f494fd1b096f2abad2607b080c6a9628c0e2c706269de220f42db2c6d36056735ff88

    Download Submit

  • memory/940-16-0x0000000074ED0000-0x0000000075680000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/940-1-0x0000000000980000-0x00000000009E6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/940-2-0x0000000005400000-0x0000000005406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/940-8-0x0000000074ED0000-0x0000000075680000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/940-10-0x0000000074ED0000-0x0000000075680000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/940-0-0x0000000074EDE000-0x0000000074EDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1428-17-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/1428-11-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/1428-14-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/1428-15-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/4504-28-0x000001228FC70000-0x000001228FC71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4504-19-0x000001228FC70000-0x000001228FC71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4504-20-0x000001228FC70000-0x000001228FC71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4504-18-0x000001228FC70000-0x000001228FC71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4504-30-0x000001228FC70000-0x000001228FC71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4504-29-0x000001228FC70000-0x000001228FC71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4504-27-0x000001228FC70000-0x000001228FC71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4504-26-0x000001228FC70000-0x000001228FC71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4504-25-0x000001228FC70000-0x000001228FC71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4504-24-0x000001228FC70000-0x000001228FC71000-memory.dmp

    Filesize

    4KB

    Download