Overview

overview

10

Static

static

10

d7f82fb48a...1a.exe

windows7-x64

10

d7f82fb48a...1a.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    94s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-01-2025 00:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d7f82fb48a1f96d0ab9a36fb14331ed1a618e980872830a865a08ae3f4a2d51a.exe

  • Size

    651KB

  • MD5

    48df1349522495797220fdbca34d842b

  • SHA1

    c1de44d4930c7585d941ebe1ac753c60a1bb11c2

  • SHA256

    d7f82fb48a1f96d0ab9a36fb14331ed1a618e980872830a865a08ae3f4a2d51a

  • SHA512

    7efa857c1ab4e76de4022a86d412a0555c663c92c98d4f61e70681690436fac03156bc295a855754218bf227c17d33678c795ab99597c6801848082ff957f81c

  • SSDEEP

    12288:ReIdvFSLpJQBr8JJXindgAP1LbyxEac64p9y:RLdAt6DndgAP1sEa2

Score
10/10
lummadiscoverystealer

Malware Config

Extracted

Family

lumma

C2

https://spellshagey.biz/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d7f82fb48a1f96d0ab9a36fb14331ed1a618e980872830a865a08ae3f4a2d51a.exe
    "C:\Users\Admin\AppData\Local\Temp\d7f82fb48a1f96d0ab9a36fb14331ed1a618e980872830a865a08ae3f4a2d51a.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3156
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2040

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\gdi32.dll
    Filesize

    639KB

    MD5

    7bf927e07b2b49df3aad1dbeebbc0120

    SHA1

    2cf1d3b22690e7973bc2003e5139a7366a9b2221

    SHA256

    6583b1b6ba5e7154f77771879c485ec189b81bef9ce49546ad0e2b731d2dd691

    SHA512

    652e0e1560e98eac65307febeed296d22bdaadde96f70e7e0da1412a082aa41917e2dbf54c7cd7cb328e2ab5ba41b85eb81df3b14812f06adb9d7958885d00be

    Download Submit

  • memory/2040-8-0x0000000000970000-0x00000000009C7000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2040-12-0x0000000000970000-0x00000000009C7000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2040-15-0x0000000000970000-0x00000000009C7000-memory.dmp

    Filesize

    348KB

    Download

  • memory/3156-0-0x000000007530E000-0x000000007530F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3156-1-0x0000000000520000-0x00000000005C8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/3156-17-0x0000000075300000-0x0000000075AB0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3156-18-0x0000000075300000-0x0000000075AB0000-memory.dmp

    Filesize

    7.7MB

    Download