Overview

overview

10

Static

static

4

#Pa$$w0rD_...#$.zip

windows7-x64

10

#Pa$$w0rD_...#$.zip

windows10-2004-x64

1

#Pa$$w0rD_...p#$.7z

windows7-x64

1

#Pa$$w0rD_...p#$.7z

windows10-2004-x64

1

Resources/...w.phpt

windows7-x64

3

Resources/...w.phpt

windows10-2004-x64

3

Resources/...1.phpt

windows7-x64

3

Resources/...1.phpt

windows10-2004-x64

3

Resources/...8.phpt

windows7-x64

3

Resources/...8.phpt

windows10-2004-x64

3

Resources/...g.phpt

windows7-x64

3

Resources/...g.phpt

windows10-2004-x64

3

Resources/...007.js

windows7-x64

3

Resources/...007.js

windows10-2004-x64

3

Resources/...3.phpt

windows7-x64

3

Resources/...3.phpt

windows10-2004-x64

3

Resources/...007.js

windows7-x64

3

Resources/...007.js

windows10-2004-x64

3

Resources/...4.phpt

windows7-x64

3

Resources/...4.phpt

windows10-2004-x64

3

Resources/...01.ps1

windows7-x64

3

Resources/...01.ps1

windows10-2004-x64

3

Resources/...oard.h

windows7-x64

3

Resources/...oard.h

windows10-2004-x64

3

Resources/...6.phpt

windows7-x64

3

Resources/...6.phpt

windows10-2004-x64

3

Resources/...8.phpt

windows7-x64

3

Resources/...8.phpt

windows10-2004-x64

3

Resources/...1.phpt

windows7-x64

3

Resources/...1.phpt

windows10-2004-x64

3

Resources/...6/htwj

windows7-x64

1

Resources/...6/htwj

windows10-2004-x64

1

Analysis

  • max time kernel
    138s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    06-01-2025 08:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    #Pa$$w0rD__6654--0peɴ_Set-Up#$.zip

  • Size

    7.5MB

  • MD5

    b82b154592009655f2431f3c3e8537c2

  • SHA1

    14a1e65bb14a1c3374b092403fae84514440465c

  • SHA256

    bc845ab964ef0e15f09dc27adc16edb3381e9aac924d5787ef0046dbe62347d0

  • SHA512

    c6cd3afe1cb5888a96ba0dad7e12f359a8cfeb54a36edbfe3b46784174786a1f9db0cb6c6a219839c011779e619609a766bd5ee1de45ec716299dfeffbec873a

  • SSDEEP

    196608:jzsg208CQPnTFcwHHXWAF2zVmSEno4zx8:Mb0srHHXWAUs1e

Score
10/10
lummadiscoverystealer

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • Executes dropped EXE 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\#Pa$$w0rD__6654--0peɴ_Set-Up#$.zip"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2764
  • C:\Program Files\7-Zip\7zG.exe
    "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\#Pa$$w0rD__6654--0peɴ_Set-Up#$\" -ad -an -ai#7zMap2814:116:7zEvent223
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:300
  • C:\Users\Admin\Desktop\#Pa$$w0rD__6654--0peɴ_Set-Up#$\Set-up.exe
    "C:\Users\Admin\Desktop\#Pa$$w0rD__6654--0peɴ_Set-Up#$\Set-up.exe"
    1⤵
    • Executes dropped EXE
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:1672
  • C:\Users\Admin\Desktop\#Pa$$w0rD__6654--0peɴ_Set-Up#$\Set-up.exe
    "C:\Users\Admin\Desktop\#Pa$$w0rD__6654--0peɴ_Set-Up#$\Set-up.exe"
    1⤵
    • Executes dropped EXE
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:1944

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\Desktop\#Pa$$w0rD__6654--0peɴ_Set-Up#$.7z
    Filesize

    7.5MB

    MD5

    e2e4aa08af81749382abd08bdae9d5ad

    SHA1

    3310da15547d8bd20376399e4a5ac9543721500a

    SHA256

    b5dd13a6ac780c83b108281abc9b05ab60901556770fca27e0074243449d5b12

    SHA512

    96155e7076929f18205804a957a10e72e72717e1cf778a2c9e68ebff34773eafbeb0ae56a5d08e2d0d0ef979f8af9861fc9d976c26235ca4314e277a4ead3d0d

    Download Submit

  • C:\Users\Admin\Desktop\#Pa$$w0rD__6654--0peɴ_Set-Up#$\Resources\htwj
    Filesize

    2.4MB

    MD5

    ceea78710c5247be6a4dda72a209f3d5

    SHA1

    92d6cc42c820df8fee42748e1f778d3265cf582a

    SHA256

    6bf12cad0c848c4ff37152c30d263188d07da8c5f17dac4f49c2ba0691221add

    SHA512

    e2164edb3eee4bbf97aca6da81b1d2cb7b35bd2569d72c8f0a9fdf42738ae83100a399c7c831229706d857a4d4adbd5ea5cf1ab50b7c0feb43954bb9a7f44471

    Download Submit

  • memory/1672-194-0x0000000000700000-0x0000000000757000-memory.dmp

    Filesize

    348KB

    Download