Analysis

  • max time kernel
    93s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/10/2024, 21:30

General

  • Target

    Launch.exe

  • Size

    342KB

  • MD5

    c3579512b9277f8bf64af53227f0ff0f

  • SHA1

    be71ec8d000831d5b87c51be81d90af55fcb8b0c

  • SHA256

    4796c351a43e182f5a424a531dd2b07e262147d3d979ca0606cba611f0ab262f

  • SHA512

    bbd34ddc24a5d735d12e3972a73267821b0ecdaffdaad21b89ef18d8c30315b8b2978315eec56f3a0ddbd884308c296f538e3e540280868b556ce8a4b63c6e9a

  • SSDEEP

    6144:nrWu9SucKFiQObW6tg5ULzrh0GWtLg3F+S6Ua2gtI4BAlSiCApzPj2h5b+pB0P/p:nPcKWK9ULzrhMKza3a4DbAZub+pB0P/T

Score
10/10

Malware Config

Extracted

Family

lumma

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Launch.exe
    "C:\Users\Admin\AppData\Local\Temp\Launch.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:5036
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:916

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\msvcp110.dll

    Filesize

    561KB

    MD5

    a317e8041d6fb24650756004d6c70c6a

    SHA1

    1596d794053a23463915994bfecf41aeac966ea1

    SHA256

    e81b38320476b4ee8d3a39d7d13d546fb7fa7689dd47778cdae12460330bd64e

    SHA512

    a63a04fe48e1f02c2d55367cd98d912bd33ff25971ff1b3972baed76589eb5bfbca888e6dc01569bdc2b119a864350d376863c07d682e55145f17e24dadefd3a

  • memory/916-10-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

  • memory/916-14-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

  • memory/916-13-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

  • memory/916-17-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

  • memory/5036-0-0x000000007500E000-0x000000007500F000-memory.dmp

    Filesize

    4KB

  • memory/5036-1-0x0000000000B90000-0x0000000000BEE000-memory.dmp

    Filesize

    376KB

  • memory/5036-2-0x0000000001380000-0x0000000001386000-memory.dmp

    Filesize

    24KB

  • memory/5036-9-0x0000000075000000-0x00000000757B0000-memory.dmp

    Filesize

    7.7MB

  • memory/5036-15-0x0000000077DE1000-0x0000000077F01000-memory.dmp

    Filesize

    1.1MB

  • memory/5036-16-0x0000000075000000-0x00000000757B0000-memory.dmp

    Filesize

    7.7MB
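The Processes and Downloads sections above are the parts of this report an analyst actually reads: the parent Launch.exe (PID 5036) carries the SetThreadContext and WriteProcessMemory signatures, and the child aspnet_regiis.exe (PID 916) has its 0x400000-0x463000 region dumped four times. The script below is an added example, not tria.ge code: it parses the report's memory-dump names, checks that each listed Filesize matches the address range, and flags child processes where the parent shows both injection signatures and the child's image-base region was dumped repeatedly. The report itself does not name a technique; reading that combination as a process-hollowing pattern (a 32-bit PE written into a freshly started host at its default image base) is this example's interpretation, and the assumption that the repeated dumps reflect successive changes to the region is likewise the example's, not the report's.

```python
"""
Reconcile the memory-dump artefacts and process-tree signatures of a tria.ge
report with a process-injection heuristic. Added example for this page, not
tria.ge code; the data below is transcribed from the report sections above.
"""
import re
from collections import defaultdict

# tria.ge names memory dumps as memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# Default image base of a 32-bit PE executable. In process hollowing the
# injected PE is written into the host at its preferred base (assumption used
# by the heuristic below; the report does not state this).
IMAGE_BASE_32 = 0x00400000

# (dump name, Filesize as listed) transcribed from the Downloads section.
REPORT_DUMPS = [
    ("memory/916-10-0x0000000000400000-0x0000000000463000-memory.dmp", "396KB"),
    ("memory/916-14-0x0000000000400000-0x0000000000463000-memory.dmp", "396KB"),
    ("memory/916-13-0x0000000000400000-0x0000000000463000-memory.dmp", "396KB"),
    ("memory/916-17-0x0000000000400000-0x0000000000463000-memory.dmp", "396KB"),
    ("memory/5036-0-0x000000007500E000-0x000000007500F000-memory.dmp", "4KB"),
    ("memory/5036-1-0x0000000000B90000-0x0000000000BEE000-memory.dmp", "376KB"),
    ("memory/5036-2-0x0000000001380000-0x0000000001386000-memory.dmp", "24KB"),
    ("memory/5036-9-0x0000000075000000-0x00000000757B0000-memory.dmp", "7.7MB"),
    ("memory/5036-15-0x0000000077DE1000-0x0000000077F01000-memory.dmp", "1.1MB"),
    ("memory/5036-16-0x0000000075000000-0x00000000757B0000-memory.dmp", "7.7MB"),
]

# pid -> (parent pid, image path, behaviour signatures) from the Processes section.
REPORT_PROCESSES = {
    5036: (None, r"C:\Users\Admin\AppData\Local\Temp\Launch.exe", {
        "Loads dropped DLL",
        "Suspicious use of SetThreadContext",
        "System Location Discovery: System Language Discovery",
        "Suspicious use of WriteProcessMemory",
    }),
    916: (5036, r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe", {
        "System Location Discovery: System Language Discovery",
    }),
}

# Both signatures on the same parent are the injection half of the heuristic.
INJECTION_SIGS = {"Suspicious use of SetThreadContext",
                  "Suspicious use of WriteProcessMemory"}


def parse_dump_name(name):
    """Split a dump name into pid, index, start, end and byte size."""
    m = DUMP_RE.match(name)
    if m is None:
        raise ValueError(f"not a tria.ge dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {"pid": int(m["pid"]), "idx": int(m["idx"]),
            "start": start, "end": end, "size": end - start}


def human_size(nbytes):
    """Render a byte count the way the report lists Filesize: whole KB below 1 MB, else one-decimal MB."""
    if nbytes < 1024 * 1024:
        return f"{round(nbytes / 1024)}KB"
    return f"{nbytes / (1024 * 1024):.1f}MB"


def check_sizes(entries):
    """Return (name, listed, computed) for every dump whose listed size disagrees with its address range."""
    bad = []
    for name, listed in entries:
        computed = human_size(parse_dump_name(name)["size"])
        if computed != listed:
            bad.append((name, listed, computed))
    return bad


def hollowing_candidates(processes, entries):
    """Flag children whose parent has both injection signatures and whose
    image-base region (IMAGE_BASE_32) was dumped more than once."""
    dumps = defaultdict(list)
    for name, _ in entries:
        d = parse_dump_name(name)
        dumps[d["pid"]].append(d)
    hits = []
    for pid, (ppid, image, _sigs) in processes.items():
        if ppid is None or not INJECTION_SIGS <= processes[ppid][2]:
            continue
        base = [d for d in dumps[pid] if d["start"] == IMAGE_BASE_32]
        if len(base) >= 2:
            hits.append({"pid": pid, "parent": ppid, "image": image,
                         "region_size": base[0]["size"], "dump_count": len(base)})
    return hits


if __name__ == "__main__":
    print("size mismatches:", check_sizes(REPORT_DUMPS))
    for hit in hollowing_candidates(REPORT_PROCESSES, REPORT_DUMPS):
        print(f"pid {hit['pid']} ({hit['image']}) spawned by {hit['parent']}: "
              f"{hit['dump_count']} dumps of 0x{IMAGE_BASE_32:08X}, "
              f"{human_size(hit['region_size'])} region")
```

aspnet_regiis.exe is a legitimate .NET Framework tool, so the binary itself is not the signal; the signal is a child of a Temp-dropped executable whose parent called SetThreadContext and WriteProcessMemory, with the child's image-base region changing under it. The heuristic deliberately requires both halves: a parent that only calls WriteProcessMemory, or a child with a single dump at 0x400000, is not flagged, which keeps debuggers and ordinary 32-bit children out of the result.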