Overview

overview

10

Static

static

1

28d222fd59...32.exe

windows7-x64

10

28d222fd59...32.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    125s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/09/2024, 15:10

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    28d222fd592e63b9e73a63f8a2806532.exe

  • Size

    1.7MB

  • MD5

    28d222fd592e63b9e73a63f8a2806532

  • SHA1

    f579377b26b455fb1331623a2e7d0fedc71e255c

  • SHA256

    ca21c5b129c001c2b51359d5f74c0a99667028810623b779190b13f0de86369e

  • SHA512

    79d468087f729934de907e7c764610ee1a025ab020d6bcf2db9471b366e10c2ed503dddc72983db6f4be15ed44161a21f3ed9482aae02ed1687e5344250f4647

  • SSDEEP

    24576:PCdbNNTSt/qWkAOh6wc0xqkTDxk43LfzAAdZeAr+Jor0I5ciRl8Jb73sIy:PwNUkAc6wLTjAkPrOq5c4a73sIy

Score
10/10
lummadiscoverystealer

Malware Config

Extracted

Family

lumma

C2

gstatic-node.io

blockigro.xyz

Signatures

  • Detect Lumma Stealer payload V2 4 IoCs
  • Detect Lumma Stealer payload V4 4 IoCs
  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\28d222fd592e63b9e73a63f8a2806532.exe
    "C:\Users\Admin\AppData\Local\Temp\28d222fd592e63b9e73a63f8a2806532.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1624
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      2⤵
        PID:4112
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        2⤵
        • System Location Discovery: System Language Discovery
        PID:1292
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4200,i,13995403245988825027,7033610968827661507,262144 --variations-seed-version --mojo-platform-channel-handle=4272 /prefetch:8
      1⤵
        PID:752

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1292-32-0x0000000000400000-0x0000000000465000-memory.dmp

              Filesize

              404KB

              Download

            • memory/1292-36-0x0000000000400000-0x0000000000465000-memory.dmp

              Filesize

              404KB

              Download

            • memory/1292-38-0x0000000000400000-0x0000000000465000-memory.dmp

              Filesize

              404KB

              Download

            • memory/1292-35-0x0000000000400000-0x0000000000465000-memory.dmp

              Filesize

              404KB

              Download

            • memory/1624-24-0x00000000055D0000-0x00000000055E5000-memory.dmp

              Filesize

              84KB

              Download

            • memory/1624-18-0x00000000055D0000-0x00000000055E5000-memory.dmp

              Filesize

              84KB

              Download

            • memory/1624-6-0x00000000055D0000-0x00000000055EC000-memory.dmp

              Filesize

              112KB

              Download

            • memory/1624-28-0x00000000055D0000-0x00000000055E5000-memory.dmp

              Filesize

              84KB

              Download

            • memory/1624-26-0x00000000055D0000-0x00000000055E5000-memory.dmp

              Filesize

              84KB

              Download

            • memory/1624-30-0x00000000055D0000-0x00000000055E5000-memory.dmp

              Filesize

              84KB

              Download

            • memory/1624-4-0x0000000005710000-0x0000000005856000-memory.dmp

              Filesize

              1.3MB

              Download

            • memory/1624-31-0x00000000743C0000-0x0000000074B70000-memory.dmp

              Filesize

              7.7MB

              Download

            • memory/1624-0-0x00000000743CE000-0x00000000743CF000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1624-22-0x00000000055D0000-0x00000000055E5000-memory.dmp

              Filesize

              84KB

              Download

            • memory/1624-20-0x00000000055D0000-0x00000000055E5000-memory.dmp

              Filesize

              84KB

              Download

            • memory/1624-5-0x00000000743C0000-0x0000000074B70000-memory.dmp

              Filesize

              7.7MB

              Download

            • memory/1624-16-0x00000000055D0000-0x00000000055E5000-memory.dmp

              Filesize

              84KB

              Download

            • memory/1624-14-0x00000000055D0000-0x00000000055E5000-memory.dmp

              Filesize

              84KB

              Download

            • memory/1624-12-0x00000000055D0000-0x00000000055E5000-memory.dmp

              Filesize

              84KB

              Download

            • memory/1624-10-0x00000000055D0000-0x00000000055E5000-memory.dmp

              Filesize

              84KB

              Download

            • memory/1624-8-0x00000000055D0000-0x00000000055E5000-memory.dmp

              Filesize

              84KB

              Download

            • memory/1624-7-0x00000000055D0000-0x00000000055E5000-memory.dmp

              Filesize

              84KB

              Download

            • memory/1624-34-0x00000000743C0000-0x0000000074B70000-memory.dmp

              Filesize

              7.7MB

              Download

            • memory/1624-3-0x00000000743CE000-0x00000000743CF000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1624-2-0x0000000005670000-0x000000000570C000-memory.dmp

              Filesize

              624KB

              Download

            • memory/1624-1-0x0000000000AB0000-0x0000000000C6E000-memory.dmp

              Filesize

              1.7MB

              Download