Analysis

  • max time kernel
    150s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20241007-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    30/12/2024, 05:30

General

  • Target

    boom 3-d 1.0 complete crack.exe

  • Size

    802.0MB

  • MD5

    daf2de1418ff3dd058d6fd3db58a4024

  • SHA1

    ab5e431fa1edb8b076bc3d323dbaf25fb654b650

  • SHA256

    cd7138bfaa8229d0dcd151ed2e4e463684e87e1532f875b7c520a5614df8819b

  • SHA512

    8307efaf50386f1c0d085270a7d73e8bf66642f7b8f9cfb014830dcc05eab87c20d4c42bdadbbd717205ab84a718e97719fe4c536e8bac2a19c979cd3ca01fde

  • SSDEEP

    1572864:F2NqGpzREuQRZPGyWcAEfRvnFzSDTnFnuda/:uqAovx

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://crib-endanger.sbs/api

https://faintbl0w.sbs/api

https://300snails.sbs/api

https://bored-light.sbs/api

https://3xc1aimbl0w.sbs/api

https://pull-trucker.sbs/api

https://fleez-inc.sbs/api

https://thicktoys.sbs/api
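
The eight URLs above are the C2 list the sandbox extracted from the sample's configuration. As an added example (not part of the sandbox output), the Python below turns that list into a matcher for proxy or DNS logs: it accepts bare hostnames, host:port pairs and full URLs, ignores case and trailing dots, and treats subdomains of a C2 host as hits while not matching look-alike names that merely end in the same characters. The log lines in it are constructed for the example and are not from this run.

```python
"""Match proxy/DNS log lines against the Lumma C2 list from this report (added example)."""
from urllib.parse import urlsplit

# C2 URLs exactly as listed in the Malware Config section of the report.
LUMMA_C2 = [
    "https://crib-endanger.sbs/api",
    "https://faintbl0w.sbs/api",
    "https://300snails.sbs/api",
    "https://bored-light.sbs/api",
    "https://3xc1aimbl0w.sbs/api",
    "https://pull-trucker.sbs/api",
    "https://fleez-inc.sbs/api",
    "https://thicktoys.sbs/api",
]

# Constructed sample lines in the form "<timestamp> <source ip> <url or host>"; not real traffic.
SAMPLE_LOG = [
    "2024-12-30T05:31:02Z 10.0.0.15 https://crib-endanger.sbs/api",
    "2024-12-30T05:31:03Z 10.0.0.15 https://www.example.com/",
    "2024-12-30T05:31:04Z 10.0.0.22 THICKTOYS.SBS.",
    "2024-12-30T05:31:05Z 10.0.0.22 cdn.faintbl0w.sbs:443",
    "2024-12-30T05:31:06Z 10.0.0.31 notbored-light.sbs",
]


def c2_hosts(urls):
    """Return the set of lowercase hostnames taken from the C2 URL list."""
    return {urlsplit(u).hostname.lower() for u in urls}


def host_matches(host, c2_set):
    """True if host is a C2 hostname or a subdomain of one (cdn.thicktoys.sbs matches,
    notthicktoys.sbs does not, because the suffix check requires a leading dot)."""
    host = host.lower().rstrip(".")
    return any(host == c2 or host.endswith("." + c2) for c2 in c2_set)


def extract_host(target):
    """Pull a hostname out of a full URL (proxy log) or a bare host[:port] (DNS log)."""
    if "://" in target:
        return urlsplit(target).hostname
    return target.split(":")[0]


def scan_log(lines, urls=LUMMA_C2):
    """Return (timestamp, source, host) for every line whose destination is a C2 host."""
    c2_set = c2_hosts(urls)
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed line; skip rather than crash the scan
        ts, src, target = parts[0], parts[1], parts[2]
        host = extract_host(target)
        if host and host_matches(host, c2_set):
            hits.append((ts, src, host.lower().rstrip(".")))
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("C2 contact:", *hit)
```

Three of the five constructed lines are flagged: the exact URL, the upper-cased host with a trailing dot, and the subdomain with a port. The example.com line and the look-alike notbored-light.sbs are not.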

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

  • Lumma family
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up the country code configured in the registry, likely for geofencing.

  • Executes dropped EXE 1 IoCs
  • Enumerates processes with tasklist 1 TTPs 2 IoCs
  • Drops file in Windows directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 30 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\boom 3-d 1.0 complete crack.exe
    "C:\Users\Admin\AppData\Local\Temp\boom 3-d 1.0 complete crack.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3972
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c copy Intellectual Intellectual.cmd & Intellectual.cmd
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4056
      • C:\Windows\SysWOW64\tasklist.exe
        tasklist
        3⤵
        • Enumerates processes with tasklist
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:3968
      • C:\Windows\SysWOW64\findstr.exe
        findstr /I "wrsa opssvc"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3228
      • C:\Windows\SysWOW64\tasklist.exe
        tasklist
        3⤵
        • Enumerates processes with tasklist
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:4076
      • C:\Windows\SysWOW64\findstr.exe
        findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3764
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c md 751120
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1604
      • C:\Windows\SysWOW64\findstr.exe
        findstr /V "JOSHKINGCANCERJE" Bucks
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1752
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c copy /b ..\Viewed + ..\Ranked + ..\Blame + ..\Dishes + ..\Zoning + ..\Supported + ..\Ga r
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3264
      • C:\Users\Admin\AppData\Local\Temp\751120\Smith.com
        Smith.com r
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:5004
      • C:\Windows\SysWOW64\choice.exe
        choice /d y /t 5
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2880
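
The tree above is the batch-file dropper chain in full: cmd.exe copies Intellectual to Intellectual.cmd and runs it; the script pipes tasklist through findstr twice, looking for security products (wrsa, opssvc, AvastUI, AVGUI, bdservicehost, nsWscSvc, ekrn, SophosHealth); it creates the numeric directory 751120, filters the marker string out of Bucks with findstr /V, rebuilds r from seven chunk files with copy /b, executes the dropped Smith.com with r as its argument, and uses choice /d y /t 5 as a five-second sleep. As an added example, not the sandbox's own detection logic, the Python below runs over process-creation events modelled on that tree (Sysmon event 1 style fields: pid, ppid, image, command line), groups children by parent, and scores each parent on those indicators. The event records are constructed here from the tree above, with one benign tasklist/findstr pair added to show the rule does not fire on ordinary administrative use.

```python
"""Score process-creation events for the Lumma batch-dropper chain (added example)."""
import re

# Process names the two findstr invocations above search for; compared case-insensitively.
AV_PROCESS_NAMES = {
    "wrsa", "opssvc", "avastui", "avgui", "bdservicehost",
    "nswscsvc", "ekrn", "sophoshealth",
}

# "copy /b part1 + part2 + ... dest": group 1 is the source list, group 2 the destination.
COPY_B_RE = re.compile(r"copy\s+/b\s+(.+?)\s+(\S+)\s*$", re.I)
# An executable with a .com extension launched from a purely numeric directory under Temp.
DROPPED_COM_RE = re.compile(r"\\temp\\\d+\\[^\\\s]+\.com$", re.I)
# "choice /d <default> /t <seconds>" used as a sleep primitive.
CHOICE_DELAY_RE = re.compile(r"\bchoice\s+/d\s+\S+\s+/t\s+\d+", re.I)

# Constructed events mirroring the process tree in this report (PIDs taken from it);
# the last two are a benign admin session added for contrast.
SAMPLE_EVENTS = [
    {"pid": 3972, "ppid": 1000, "image": r"C:\Users\Admin\AppData\Local\Temp\boom 3-d 1.0 complete crack.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\boom 3-d 1.0 complete crack.exe"'},
    {"pid": 4056, "ppid": 3972, "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": r'"C:\Windows\System32\cmd.exe" /c copy Intellectual Intellectual.cmd & Intellectual.cmd'},
    {"pid": 3968, "ppid": 4056, "image": r"C:\Windows\SysWOW64\tasklist.exe", "cmdline": "tasklist"},
    {"pid": 3228, "ppid": 4056, "image": r"C:\Windows\SysWOW64\findstr.exe", "cmdline": 'findstr /I "wrsa opssvc"'},
    {"pid": 4076, "ppid": 4056, "image": r"C:\Windows\SysWOW64\tasklist.exe", "cmdline": "tasklist"},
    {"pid": 3764, "ppid": 4056, "image": r"C:\Windows\SysWOW64\findstr.exe",
     "cmdline": 'findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"'},
    {"pid": 1604, "ppid": 4056, "image": r"C:\Windows\SysWOW64\cmd.exe", "cmdline": "cmd /c md 751120"},
    {"pid": 1752, "ppid": 4056, "image": r"C:\Windows\SysWOW64\findstr.exe",
     "cmdline": 'findstr /V "JOSHKINGCANCERJE" Bucks'},
    {"pid": 3264, "ppid": 4056, "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": r"cmd /c copy /b ..\Viewed + ..\Ranked + ..\Blame + ..\Dishes + ..\Zoning + ..\Supported + ..\Ga r"},
    {"pid": 5004, "ppid": 4056, "image": r"C:\Users\Admin\AppData\Local\Temp\751120\Smith.com", "cmdline": "Smith.com r"},
    {"pid": 2880, "ppid": 4056, "image": r"C:\Windows\SysWOW64\choice.exe", "cmdline": "choice /d y /t 5"},
    {"pid": 7000, "ppid": 6000, "image": r"C:\Windows\System32\tasklist.exe", "cmdline": "tasklist /svc"},
    {"pid": 7001, "ppid": 6000, "image": r"C:\Windows\System32\findstr.exe", "cmdline": 'findstr /I "spooler"'},
]


def _image_name(path):
    """Lowercase file name of an image path (Windows separators)."""
    return path.rsplit("\\", 1)[-1].lower()


def analyze_process_tree(events):
    """Group events by parent PID and return {ppid: {"indicators": [...], "score": n}}
    for every parent whose children show at least one indicator of the chain."""
    by_parent = {}
    for ev in events:
        by_parent.setdefault(ev["ppid"], []).append(ev)

    findings = {}
    for ppid, children in by_parent.items():
        sibling_names = [_image_name(c["image"]) for c in children]
        hits = []
        for c in children:
            cmd, img = c["cmdline"], _image_name(c["image"])
            # findstr fed by a sibling tasklist, grepping for security-product process names
            if img == "findstr.exe" and "tasklist.exe" in sibling_names:
                words = {w.strip('"').lower() for w in cmd.split()}
                found = words & AV_PROCESS_NAMES
                if found:
                    hits.append("av_process_discovery:" + ",".join(sorted(found)))
            # findstr /V used as a filter to strip a marker line from a staged file
            if img == "findstr.exe" and re.search(r"\s/v\s", cmd, re.I):
                hits.append("findstr_v_filter")
            # binary concatenation of three or more chunks into one output file
            m = COPY_B_RE.search(cmd)
            if m and m.group(1).count("+") >= 2:
                hits.append(f"binary_concat:{m.group(1).count('+') + 1}_parts->{m.group(2)}")
            # a dropped .com executed from a numeric Temp subdirectory
            if img.endswith(".com") and DROPPED_COM_RE.search(c["image"]):
                hits.append("dropped_com_exec")
            # choice with a default answer and timeout, i.e. a sleep
            if CHOICE_DELAY_RE.search(cmd):
                hits.append("choice_sleep")
        if hits:
            findings[ppid] = {"indicators": hits, "score": len(hits)}
    return findings


if __name__ == "__main__":
    for ppid, result in analyze_process_tree(SAMPLE_EVENTS).items():
        print(f"parent PID {ppid}: score {result['score']}", *result["indicators"], sep="\n  ")
```

Only parent PID 4056 (the cmd.exe running Intellectual.cmd) is reported, with six indicators; the benign session under PID 6000 produces none because its findstr argument is not a security-product name. In production the same grouping would be keyed on parent process GUID rather than PID, since PIDs are reused.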

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\751120\Smith.com

    Filesize

    921KB

    MD5

    78ba0653a340bac5ff152b21a83626cc

    SHA1

    b12da9cb5d024555405040e65ad89d16ae749502

    SHA256

    05d8cf394190f3a707abfb25fb44d7da9d5f533d7d2063b23c00cc11253c8be7

    SHA512

    efb75e4c1e0057ffb47613fd5aae8ce3912b1558a4b74dbf5284c942eac78ecd9aca98f7c1e0e96ec38e8177e58ffdf54f2eb0385e73eef39e8a2ce611237317

  • C:\Users\Admin\AppData\Local\Temp\751120\r

    Filesize

    471KB

    MD5

    b612df55ec2450934aab4f23b45ddec6

    SHA1

    c9e8a57887c69b54b65e1a67478463c301f2afba

    SHA256

    c47b0653c1c66c3314475cc0d7b1ddaf34becf7fd9ba4591b52386163d8cc8a7

    SHA512

    380fe04d23de46a9883e4f20bd1f962172c4cdc22f01d9235577f36d0af21162dd06d400cbae1c8342b32a76743bf49525b689382a4415192c976c66fa03cf88

  • C:\Users\Admin\AppData\Local\Temp\Blame

    Filesize

    55KB

    MD5

    929b64fbb78a159114a12a0f02faefde

    SHA1

    21526b0685f36e4ded6d924722ad4e4105418277

    SHA256

    08b855e426ca9110bbb67ca6b4b25a1573c9a2ba0986d4ab1d53977ce144804a

    SHA512

    8c746ace50b59fa53992e5ca061924c92b2c8e7fe7087192beb80dce9018ffa40779716ce53a9d54d600283e959f161767c7e23739cfb9f0c3b62181af8bf9f6

  • C:\Users\Admin\AppData\Local\Temp\Bucks

    Filesize

    1KB

    MD5

    5d36f4b7cba4067c96d48130613a825f

    SHA1

    4ac7c805cfed99ac8166b1171a8134e6736581d6

    SHA256

    cc696bf520628669c09a98c27eb95a6f7f0f596de6493c41356d253ea68c340e

    SHA512

    2e1ea28229e56ded2fbbb60efca9c6ae09f032b107aa65534f50a8a4feb7827ad3d3e988fb90d74082ae9584258d9db23f1759ebd33294128783a6eec88f7b36

  • C:\Users\Admin\AppData\Local\Temp\Dishes

    Filesize

    84KB

    MD5

    cc7414e900f478b7b51ae6cebe0bbfe5

    SHA1

    a60f35f008c1b86c24baf5ac5a2cd807d0217c2f

    SHA256

    ab59cbf2b8b566d97e594a650ff6f491a83f94ab06bd600a8a9825962ddda339

    SHA512

    0a75e5e92422edc10b4d82183636dbe233cda3678be10c490aefb24ae8d6daae2236e47631bb9d43d4edb74893436a68363d6869b88718b2dc2915d8402d764f

  • C:\Users\Admin\AppData\Local\Temp\Ga

    Filesize

    45KB

    MD5

    645559d915b91199764d655270b566e6

    SHA1

    87a734285bf4d4d3ba6759d804ec9d1c1fdb6c0b

    SHA256

    eebfa1c908f09f38ae873b0f62b3734c5b0ec9fd3df463fa5f84f5209765c264

    SHA512

    577a67dbbdccf9ff95eec795e19b01d7d4b44057b997c4b81ef2c5d4a28ef96315d956263ac072aafefd290097ae9812ef941a7809d1b529733f277d52349778

  • C:\Users\Admin\AppData\Local\Temp\Intellectual

    Filesize

    8KB

    MD5

    b42361bf0cf17b8f27d9a73d5d104d3f

    SHA1

    ab6407074b0c09734cdb10838f1234c0cfd2e39f

    SHA256

    ab5461d090ef6561323091e6ab7ecd6764fe5ff290911ec68834b12d76e0714e

    SHA512

    08523ae007863cdb1049f2f8138629338777410f9ad7d4debe7ae3fa043bae1b22a84a5277884e371fecaa87336d97425d52459a4c5bc4eb487bdebbad6d4e26

  • C:\Users\Admin\AppData\Local\Temp\Ranked

    Filesize

    76KB

    MD5

    5c34bd2f60226d416fe7e0a63793836d

    SHA1

    0a0b9596ebe01f39c1b61c2b550f5bc7e4bcb1d6

    SHA256

    59fecbb5152aa1702ddda7616e70ff9af2f0906bf2736fe336bf2cd4b62994f5

    SHA512

    6748614e4a2c412f5819439a177ac4c40ffa6b549758d094fbd8e0b035ca90e8b74f8ec1c88d132e95ea540c5d2039e17c516e2792ef247cde5d40d23240982c

  • C:\Users\Admin\AppData\Local\Temp\Supported

    Filesize

    84KB

    MD5

    59469c840c1a1f5ccf0db12f6c2191aa

    SHA1

    dccd70a918ddcc7b771b01c16a6a334ff84ca1c0

    SHA256

    cc30b60b6e0108a19a958aee381099d56c1a53bc811e7103a1cbd38dcf46394a

    SHA512

    6c8583e9fb1639fae6362a29d4d1ffb40050d2b90c208c5303ae1e6a77f75a75e178d8e236073a14bc0a49e80ce15b900aab4b1a857cac8c1807682014a3f87e

  • C:\Users\Admin\AppData\Local\Temp\Viewed

    Filesize

    56KB

    MD5

    61e1bfb7ac01adcea5db4c1cf48ebcb7

    SHA1

    68da905ce1d46f9e763893cf8f8adde286f8eba4

    SHA256

    1ee0a4ee7cdb787b1fa4866611ec384232cdcc599ca8528e2223e1731c41bdb6

    SHA512

    02ca5d0262b5ff25e9f0cace3d3ed38bf5278ea145dc929d9eec73b3e2f9981be91603f10db853f785dde81d09f3b44cfefc257aa5d466ae673d066c5853b308

  • C:\Users\Admin\AppData\Local\Temp\Wealth

    Filesize

    920KB

    MD5

    0de558cbe151ac67bc06226419d930c9

    SHA1

    8f346097907c2d43d5b339c4fbb6fa9bff13f04e

    SHA256

    bc0b971de58b1e16fdad34e7dcd389771908e90cc28849f71270f4a99a4a4985

    SHA512

    6d5217d4077b0ddcd8236117fe8fbd7df2c9e7a3dc00f209880ce42c46add7e24eca9c7a2425bbf057c62d17910becf313e9762bce87fd82ee8e52118ca7f8f6

  • C:\Users\Admin\AppData\Local\Temp\Zoning

    Filesize

    71KB

    MD5

    0dd5a23c8a930e46100c866a17930789

    SHA1

    3d7b571806951843c6e681489c07aaee18ec0bfa

    SHA256

    93d3f9fd954d4c035194a1cc2f0516f84abbedd21f7296f0c36a071706e4cc18

    SHA512

    dda72c5fe516d197a517db113f717a5e7e85c46402487275469cb0757fc06dc9ce8b9f52934a1e69e7ad99bb8cc358bbefe98d645e1e5f1e5dd689c7f72641b8

  • memory/5004-228-0x00000000004B0000-0x0000000000506000-memory.dmp

    Filesize

    344KB

  • memory/5004-229-0x00000000004B0000-0x0000000000506000-memory.dmp

    Filesize

    344KB

  • memory/5004-230-0x00000000004B0000-0x0000000000506000-memory.dmp

    Filesize

    344KB

  • memory/5004-233-0x00000000004B0000-0x0000000000506000-memory.dmp

    Filesize

    344KB

  • memory/5004-232-0x00000000004B0000-0x0000000000506000-memory.dmp

    Filesize

    344KB

  • memory/5004-231-0x00000000004B0000-0x0000000000506000-memory.dmp

    Filesize

    344KB
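
The copy /b command in the process tree rebuilds r from Viewed, Ranked, Blame, Dishes, Zoning, Supported and Ga, in that order, and the sizes listed for those seven files (56 + 76 + 55 + 84 + 71 + 84 + 45 KB) add up to the 471 KB reported for r, which is a quick consistency check on the download list. As an added example, not the report's own tooling, the Python below emulates the two file operations the script uses, findstr /V (the Bucks filter; where its output is redirected is not visible in the command lines above) and copy /b, so that an analyst who has the chunk files can reassemble the payload offline and hash it for comparison with the SHA256 listed for r. The chunk contents in demo() are constructed bytes, not the real dropped files, and the size table is copied from the list above.

```python
"""Emulate the dropper's findstr /V and copy /b steps to reassemble r offline (added example)."""
import hashlib
import tempfile
from pathlib import Path

# Source order taken verbatim from the copy /b command in the process tree.
CHUNK_ORDER = ["Viewed", "Ranked", "Blame", "Dishes", "Zoning", "Supported", "Ga"]
# Sizes in KB as listed in the Downloads section; used only as a consistency check.
CHUNK_SIZES_KB = {"Viewed": 56, "Ranked": 76, "Blame": 55, "Dishes": 84,
                  "Zoning": 71, "Supported": 84, "Ga": 45}
# The string that findstr /V removes from Bucks.
MARKER = "JOSHKINGCANCERJE"


def expected_size_kb(order=CHUNK_ORDER, sizes=CHUNK_SIZES_KB):
    """Sum of the listed chunk sizes; should equal the listed size of r (471 KB)."""
    return sum(sizes[name] for name in order)


def findstr_v(data, marker):
    """Emulate `findstr /V "<marker>" <file>`: keep only lines that do NOT contain marker.
    Without /I findstr is case-sensitive, so a lowercase marker is kept. Output lines are
    written with CRLF here; real findstr's handling of odd line endings can differ, so a
    hash of this output is a check, not proof of byte-for-byte equality."""
    needle = marker.encode()
    return b"".join(line + b"\r\n" for line in data.splitlines() if needle not in line)


def copy_b(parts):
    """Emulate `copy /b a + b + ... dest`: raw byte concatenation with no translation."""
    return b"".join(parts)


def reassemble(chunk_dir, order=CHUNK_ORDER):
    """Rebuild the payload the way the batch script does; returns (bytes, sha256 hex)."""
    chunk_dir = Path(chunk_dir)
    parts = [(chunk_dir / name).read_bytes() for name in order]
    blob = copy_b(parts)
    return blob, hashlib.sha256(blob).hexdigest()


def demo():
    """Constructed chunks (4 bytes each, not the real files) run through reassemble()."""
    with tempfile.TemporaryDirectory() as d:
        for i, name in enumerate(CHUNK_ORDER):
            (Path(d) / name).write_bytes(bytes([i]) * 4)
        return reassemble(d)


if __name__ == "__main__":
    print("listed chunk sizes sum to", expected_size_kb(), "KB")
    blob, digest = demo()
    print(len(blob), "bytes reassembled, sha256", digest)
    print(findstr_v(b"keep\r\nJOSHKINGCANCERJE drop\r\nkeep too\n", MARKER))
```

Run reassemble() against a directory holding the real Viewed ... Ga files and compare the returned digest with c47b0653c1c66c3314475cc0d7b1ddaf34becf7fd9ba4591b52386163d8cc8a7 from the list above; a match confirms the chunks were captured intact and in the right order.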