Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

SoftWare.exe

windows7-x64

7

SoftWare.exe

windows10-2004-x64

10

Resubmissions

05/10/2024, 22:30

241005-2evkkazapa 10

05/10/2024, 22:16

241005-169ccsygrc 10

Analysis

  • max time kernel
    10s
  • max time network
    9s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/10/2024, 22:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SoftWare.exe

  • Size

    339KB

  • MD5

    d5c85984a2e84a7f39fd28fab73f0a30

  • SHA1

    feb059a77cad8e9553c3892263504431d227b2ac

  • SHA256

    61a6bf9a926e6de511a928eec1e7a8c69ceef34c7db814ebc8dab1dbcb17f62b

  • SHA512

    2c2ca0bd9899bfb2feae54eee45f3a78b0e7e7508d8c93f0ce011db6c1b3479d6ba7643238520e35bc3cbc02e03322999f37be72ebf335c7fc7f351e00fe647e

  • SSDEEP

    6144:KpUZjbNfI2ENzKa5AgnL1hGGxQd3mr4jjRUyNMdU7HyEaJP2LG0O0FI:KpUNNQQaWgFE3L9NMmaJP2LG0O0F

Score
10/10
lummadiscoverystealer

Malware Config

Extracted

Family

lumma

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SoftWare.exe
    "C:\Users\Admin\AppData\Local\Temp\SoftWare.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1520
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4848

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\msvcp110.dll
    Filesize

    536KB

    MD5

    da941aa4599930eee1511e8088be517f

    SHA1

    902e542d62fe60c3e2c2c1ccfc0659a49f78b8ea

    SHA256

    7821052d1bf901cf03e33e054fdbab5ab4d0dfb8ff039f9e9386416fd087782c

    SHA512

    d6da7e6e50c9125e8c62dc07f40284d07d5aa43f5c73fc0621ecef6f16549989f03f1a1bf56527dcf02c31fcd8858d3db8e62d5dbb86439466b49a4bc49abbe0

    Download Submit

  • memory/1520-0-0x0000000074EBE000-0x0000000074EBF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1520-1-0x0000000000430000-0x000000000048C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/1520-2-0x0000000002960000-0x0000000002966000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1520-6-0x0000000074EB0000-0x0000000075660000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1520-14-0x0000000074EB0000-0x0000000075660000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1520-16-0x0000000074EB0000-0x0000000075660000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4848-10-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/4848-15-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/4848-13-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download