Behavioral task
behavioral1
Sample
2548-1008-0x0000000000CD0000-0x0000000000FD9000-memory.exe
Resource
win7-20240729-en
General
-
Target
2548-1008-0x0000000000CD0000-0x0000000000FD9000-memory.dmp
-
Size
3.0MB
-
MD5
4c476a78e35c295dccda9501fdb03f98
-
SHA1
5c82480637c8796e1804ccf63c44c4dc8fd8d015
-
SHA256
4472b4764c5f3928e70f9fd96c955522ac0a9f2b94c894f32bedf8e8709f44a9
-
SHA512
fb301bd1be683b4d26b67d429e226d50a09e2760bb12c6d51a47a757f91883561c26c5093565eccb93b4999b1f77750fa8054c5123cb7a5c6e0c17dcc2083003
-
SSDEEP
49152:H/65tmDyXog2Owhgh/CxCi/OVbfbBf7u14E4Qw:HIR4/LS/CxCi/ebZ7uGE
Malware Config
Extracted
lumma
https://scriptyprefej.store
https://navygenerayk.store
https://founpiuer.store
https://necklacedmny.store
https://thumbystriw.store
https://fadehairucw.store
https://crisiwarny.store
https://presticitpo.store
https://opinieni.store
Signatures
-
Lumma family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2548-1008-0x0000000000CD0000-0x0000000000FD9000-memory.dmp
Files
-
2548-1008-0x0000000000CD0000-0x0000000000FD9000-memory.dmp.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 159KB - Virtual size: 352KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
yzrtuwjk Size: 2.7MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tcmjuvul Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.taggant Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE