Overview

overview

10

Static

static

3

32d19e0622...ce.exe

windows10-2004-x64

10

32d19e0622...ce.exe

windows11-21h2-x64

10

Resubmissions

30/12/2024, 05:11

241230-fvptcsyqcs 10

30/12/2024, 05:11

241230-fvctssyqbw 10

30/12/2024, 04:46

241230-fd93zaymck 10

30/12/2024, 04:07

241230-epynmsxpar 10

30/12/2024, 01:24

241230-bsdwvstkdk 10

30/12/2024, 01:15

241230-bmjj6asrbl 10

30/12/2024, 01:05

241230-bfq1nasncy 10

30/12/2024, 01:03

241230-benh5ssnfp 10

30/12/2024, 00:49

241230-a6hxassldp 10

30/12/2024, 00:46

241230-a4y6haskgw 10

Analysis

  • max time kernel
    2s
  • max time network
    6s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2024, 00:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    32d19e06226164729a88de658e21e3667b410372f0225740cd8321aa404b0bce.exe

  • Size

    322KB

  • MD5

    246c8dcc5acab23c11b584ce15e44ce3

  • SHA1

    89539b3915d8a8d99ab32ecf7f36d69ae6fd36ee

  • SHA256

    32d19e06226164729a88de658e21e3667b410372f0225740cd8321aa404b0bce

  • SHA512

    57099f5974d6160ff4a2eb10884d21fc1b8ce251a94f9989d81224236b8f3a2a7ac3b2b82f1ab1b82144ca86b953cbb9b0cfbb3b55c531d387e72a6912b67447

  • SSDEEP

    6144:A/FOqpLVnfxMl/zqzcJa4D8FCvD1qOQIB3f7:A/FppxnfxMUeoC0OTB

Score
10/10
lummadiscoverystealer

Malware Config

Extracted

Family

lumma

C2

https://sordid-snaked.cyou/api

https://awake-weaves.cyou/api

https://wrathful-jammy.cyou/api

https://debonairnukk.xyz/api

https://diffuculttan.xyz/api

https://effecterectz.xyz/api

https://deafeninggeh.biz/api

https://immureprech.biz/api

https://spellshagey.biz/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\32d19e06226164729a88de658e21e3667b410372f0225740cd8321aa404b0bce.exe
    "C:\Users\Admin\AppData\Local\Temp\32d19e06226164729a88de658e21e3667b410372f0225740cd8321aa404b0bce.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:4004
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 1256
      2⤵
      • Program crash
      PID:116
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4004 -ip 4004
    1⤵
      PID:4996

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4004-0-0x00000000001C0000-0x00000000001EC000-memory.dmp

      Filesize

      176KB

      Download

    • memory/4004-1-0x00000000020C0000-0x000000000210B000-memory.dmp

      Filesize

      300KB

      Download

    • memory/4004-2-0x0000000000400000-0x0000000000458000-memory.dmp

      Filesize

      352KB

      Download

    • memory/4004-3-0x0000000000400000-0x0000000000458000-memory.dmp

      Filesize

      352KB

      Download

    • memory/4004-4-0x00000000001C0000-0x00000000001EC000-memory.dmp

      Filesize

      176KB

      Download

    • memory/4004-5-0x00000000020C0000-0x000000000210B000-memory.dmp

      Filesize

      300KB

      Download