Overview

overview

10

Static

static

3

SKRIPT-GG-...GG.exe

windows10-ltsc 2021-x64

10

Analysis

  • max time kernel
    99s
  • max time network
    152s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    04-01-2025 14:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SKRIPT-GG-main/SkriptGG.exe

  • Size

    686KB

  • MD5

    b6ffc5ab3d9c3d132b0cdb490ed800d2

  • SHA1

    69f55a57d6353649c3f709163bb7d440a3a7eb7f

  • SHA256

    138671f56898c4504a02588c6f9c4de6a3961ce015bb147d579bd54bc454ded1

  • SHA512

    4163a1537f80ef49a9ec9dd17b7bfb442be57afb24519d753ee2e2ba99c443e555b69570218aa1ee3a0e7b6419eb2432089d69f8c9f5771ada0115f2965f0f5d

  • SSDEEP

    12288:rlGQs6nEzMMU1wYwFozDOVhRGHdhdBBmCU0SmegE0wgoNkTzD5NryZI5L36lo+Qv:MEEIDU+acZBxST0bbzD5Nre

Score
10/10
lummadiscoverystealer

Malware Config

Extracted

Family

lumma

C2

https://impend-differ.biz/api

https://print-vexer.biz/api

https://dare-curbys.biz/api

https://covery-mover.biz/api

https://formy-spill.biz/api

https://dwell-exclaim.biz/api

https://zinc-sneark.biz/api

https://se-blurry.biz/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SKRIPT-GG-main\SkriptGG.exe
    "C:\Users\Admin\AppData\Local\Temp\SKRIPT-GG-main\SkriptGG.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4748
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1540
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 1176
      2⤵
      • Program crash
      PID:4780
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4748 -ip 4748
    1⤵
      PID:4416

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\gdi32.dll
      Filesize

      439KB

      MD5

      eadcfd7c84686da06b4fc381bfc96c72

      SHA1

      0b7d9f3daf6162d0c710ba51614279b8057b5aa9

      SHA256

      abb95c10ae4b1ff0aa36895d5001d3259f91dfd1bc5c6dfe77f6194be1b41d4b

      SHA512

      2d7aeaf802e451ab5d611db82eb1ba2241be6f7c91ed7b732d1784d27dbd6c1e701dc2d9b3c622ddee1299cea688c2f5a128f4af06281d3c3fbe41f926fa90d0

      Download Submit

    • memory/1540-15-0x0000000000AF0000-0x0000000000B57000-memory.dmp

      Filesize

      412KB

      Download

    • memory/1540-10-0x0000000000AF0000-0x0000000000B57000-memory.dmp

      Filesize

      412KB

      Download

    • memory/1540-19-0x0000000000AF0000-0x0000000000B57000-memory.dmp

      Filesize

      412KB

      Download

    • memory/4748-0-0x0000000074D0E000-0x0000000074D0F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4748-1-0x0000000000690000-0x0000000000744000-memory.dmp

      Filesize

      720KB

      Download

    • memory/4748-2-0x0000000005010000-0x0000000005016000-memory.dmp

      Filesize

      24KB

      Download

    • memory/4748-9-0x0000000074D00000-0x00000000754B1000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4748-20-0x0000000074D00000-0x00000000754B1000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4748-21-0x0000000074D00000-0x00000000754B1000-memory.dmp

      Filesize

      7.7MB

      Download