Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-12-2024 06:17

General

  • Target

    7cb559130bbd743d4cdb0891749c5643.exe

  • Size

    1.4MB

  • MD5

    7cb559130bbd743d4cdb0891749c5643

  • SHA1

    7e8cb60118a778a23fe6215c790ace9f730e87fb

  • SHA256

    08c071698f610c4b2ad9a8c18ffac37b4db9728cff608eb92e7c0728ee5a2482

  • SHA512

    75d1c0c1f7a5b141847f6bdab88dad4ba2d71e6b857ae92f3b60053c98bc6c1672261baa2871d8fa4f2823af942278017adfc2e08a6a6670eadc73fc57f7d6bc

  • SSDEEP

    24576:7CZ0v6c8cawPzUopzenuwMloUm8CG1Xw+Eahn3R5+8pzb2hyS333XuuW8888DGAn:7x6c8caYzUopzenuwMloUm8CG1Xw+EaK

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://se-blurry.biz/api

https://zinc-sneark.biz/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

  • Lumma family
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\7cb559130bbd743d4cdb0891749c5643.exe
    "C:\Users\Admin\AppData\Local\Temp\7cb559130bbd743d4cdb0891749c5643.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:4496
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 1184
      2⤵
      • Program crash
      PID:3020
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4496 -ip 4496
    1⤵
      PID:4628

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4496-0-0x0000000000180000-0x00000000002F1000-memory.dmp

      Filesize

      1.4MB