Overview

overview

10

Static

static

3

final_boss.exe

windows10-ltsc 2021-x64

10

Resubmissions

09-01-2025 00:15

250109-aj54bazjg1 10

09-01-2025 00:12

250109-ag6l3askbq 10

Analysis

  • max time kernel
    63s
  • max time network
    65s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241211-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    09-01-2025 00:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    final_boss.exe

  • Size

    1.2MB

  • MD5

    926fd4235ade096c02b36b2ed6a53739

  • SHA1

    337424610694e00ebac66d36dd20e535c7a92164

  • SHA256

    25f3978a8bb28d7d978f5f861d639796e805230aca153ffa612dcc4d0a939edc

  • SHA512

    65c931dc59ff4ca8ffe069915874661f905c64835721ab877b38454bbdb2d6ddfce75bd1bf905e9f72d936e1a31f6c874877aa602b8bc21c63126bcea4ff0f79

  • SSDEEP

    24576:MD+wdilvnK90Lozyxuzkhj15I/yQl9sFLK45tQgSD:9yQoUuEjEhm5ug

Score
10/10
lummadiscoverystealer

Malware Config

Extracted

Family

lumma

C2

https://sordid-snaked.cyou/api

https://awake-weaves.cyou/api

https://wrathful-jammy.cyou/api

https://debonairnukk.xyz/api

https://diffuculttan.xyz/api

https://effecterectz.xyz/api

https://deafeninggeh.biz/api

https://immureprech.biz/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 12 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 52 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3556
      • C:\Users\Admin\AppData\Local\Temp\final_boss.exe
        "C:\Users\Admin\AppData\Local\Temp\final_boss.exe"
        2⤵
        • Suspicious use of NtCreateUserProcessOtherParentProcess
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4624
      • C:\Users\Admin\AppData\Local\Temp\final_boss.exe
        "C:\Users\Admin\AppData\Local\Temp\final_boss.exe"
        2⤵
        • System Location Discovery: System Language Discovery
        PID:3960
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:5676
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe"
          3⤵
          • Checks processor information in registry
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:4604
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2008 -parentBuildID 20240401114208 -prefsHandle 1936 -prefMapHandle 1928 -prefsLen 23839 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {96271eec-53bd-41cd-b788-ae19751cb7d4} 4604 "\\.\pipe\gecko-crash-server-pipe.4604" gpu
            4⤵
              PID:4820
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2376 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d56cca9-9f67-4245-95b2-a33deafed8df} 4604 "\\.\pipe\gecko-crash-server-pipe.4604" socket
              4⤵
              • Checks processor information in registry
              PID:5940
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3304 -childID 1 -isForBrowser -prefsHandle 3296 -prefMapHandle 3292 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1180 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6ddbc9b-a648-418e-b767-c47a4e451cde} 4604 "\\.\pipe\gecko-crash-server-pipe.4604" tab
              4⤵
                PID:5872
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4056 -childID 2 -isForBrowser -prefsHandle 4076 -prefMapHandle 4072 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1180 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24cb9046-e3f5-414d-8615-4008227dd6c5} 4604 "\\.\pipe\gecko-crash-server-pipe.4604" tab
                4⤵
                  PID:5240
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4808 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4820 -prefMapHandle 4804 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ce57a5a-893f-44fc-907c-825068ce6b97} 4604 "\\.\pipe\gecko-crash-server-pipe.4604" utility
                  4⤵
                  • Checks processor information in registry
                  PID:4224
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5228 -childID 3 -isForBrowser -prefsHandle 5432 -prefMapHandle 5260 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1180 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6043ac8b-ad10-4934-80ff-8fa15f91d346} 4604 "\\.\pipe\gecko-crash-server-pipe.4604" tab
                  4⤵
                    PID:3572
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5644 -childID 4 -isForBrowser -prefsHandle 5468 -prefMapHandle 5432 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1180 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef43ca2c-0251-4a76-83d3-0c902526b02d} 4604 "\\.\pipe\gecko-crash-server-pipe.4604" tab
                    4⤵
                      PID:6004
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5716 -childID 5 -isForBrowser -prefsHandle 5732 -prefMapHandle 5736 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1180 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1846a0f4-1919-4e92-9573-24d25d85e5a5} 4604 "\\.\pipe\gecko-crash-server-pipe.4604" tab
                      4⤵
                        PID:5620
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations=is-enterprise-managed=no --field-trial-handle=4028,i,11057550979060774106,2035785093901894313,262144 --variations-seed-version --mojo-platform-channel-handle=5760 /prefetch:8
                  1⤵
                    PID:4124

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\igamsxea.default-release\activity-stream.discovery_stream.json.tmp
                    Filesize

                    22KB

                    MD5

                    9f0ec9aca4b4931ef49851ffddc81ca0

                    SHA1

                    5b69f3c2ac7b047b83c9fdbe1a0d9d9cd7a07817

                    SHA256

                    2fae38c616dea034214a02e4da4d11b5a7cdf1ca869170473a7ce71c5fbc9370

                    SHA512

                    27040faede4da3d00ece48aca38dd99c8f3e17e7a37832d334af166bb2f837c3c7e8b412df966671b1d18cabb01baea1ff2bcf4b2463795c8e5bb814ff04f984

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\datareporting\glean\db\data.safe.tmp
                    Filesize

                    22KB

                    MD5

                    f2c70998b4e4db6e98a3d57c4cae860c

                    SHA1

                    5648a320095632493ac2deba4d04764e4d40310b

                    SHA256

                    33eba374bf11b380046895ea8c2dda589eae7a24df38a2e662da58f8646b5429

                    SHA512

                    f974eec43c36207cde5d2aab953ff9623f1368c043b718a40c41d069dc6e552b7071af9a98304b7f0759c3ab2f0bf068834a05e7f1e8f607f618f96e44473369

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\datareporting\glean\db\data.safe.tmp
                    Filesize

                    22KB

                    MD5

                    7b7a31e0e6fb028972976052d07d7142

                    SHA1

                    19bbb23cc255ba350033a625c858546fe5ab4dea

                    SHA256

                    3ba9f7251e4eb3e5534ec1ee5e19b4b227d9a61b1711a90bcd3125ad6ff65dc1

                    SHA512

                    e989d66b15b92757c9e217f5b913af8a4017c66cf9ac8cde4da48bb87b79e487323291aa75d68436f1ee4624aa0c2625087b4b7f447ac511fe8f252d07736c4c

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\datareporting\glean\pending_pings\3f5b578c-6b38-4fc4-9ff7-15cdff6415bb
                    Filesize

                    982B

                    MD5

                    3e968e0dbf9037732ef2db49ab0354a8

                    SHA1

                    eed7a00e4cd96d7647771a6cb1132f52291afff6

                    SHA256

                    d91df5bd919f8d01a43c1da7fa026016a1549d0aece79985ec482a45d62fafd7

                    SHA512

                    9aee7305c0e1eb8b94577cdb742f73aef9142712c8eedfe852c58dbab0d097541b59a843729ae8ec4981289cf75914fc84161d06f67dc79698658b82619689a5

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\datareporting\glean\pending_pings\adbdea78-f1bd-4452-ad49-0a816cbeb6b5
                    Filesize

                    659B

                    MD5

                    468888b8644121573d803ab637b8b166

                    SHA1

                    803868bac769c06bb322b15dd9955abf26d45ddd

                    SHA256

                    b30cb973c8b3ac7488bf995ea9ab50ee013d06e7ecd7443e8ec465643758d2bd

                    SHA512

                    717f40de721a369b7049c51844d948af1ead62eb29743faee949c6ff2f79cdfdbc5873bda664a6206f14162758b9ab01d2e60c861cd6fcccd687b4c1d3d899ed

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\datareporting\glean\pending_pings\fc00ef99-27c6-41cc-9724-049b5d38468e
                    Filesize

                    5KB

                    MD5

                    221c72366b46b2fe9175a6c0e10f2ce5

                    SHA1

                    e58668898dc9d5a5884c46f27bff561929d395d5

                    SHA256

                    86dd6e35708ebb696f220e8a4edf27423235803a3c8eb8ddb699532b8a39098a

                    SHA512

                    660aab6f13d3229d0b7247f83ceedd6e8274fb7bf92ad281f279ba6f8b012ce64c7341c7ba6883a49d75a4b6cbeee7ca33f42473d63e618dcc99dac3dde18bbe

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\prefs-1.js
                    Filesize

                    10KB

                    MD5

                    1b1fbd9082923f5d1781ea6d9afa1383

                    SHA1

                    a4295d32982773b5d244af401c15fe03e88009bb

                    SHA256

                    d318061fb316218806d694cc2a663ce2987296ca864712ce7f47336ffd73bfdf

                    SHA512

                    e0cc7b566f7e3401689facc64c470e528f3663faca6b1cd9ddf2a90cfe8d241bde201233c4251f998ce3df54633f2c1b6b2395342fb057c92553ffab1f708e00

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\prefs.js
                    Filesize

                    10KB

                    MD5

                    bb6e079bbe9e3e47003925e1b8a6699f

                    SHA1

                    f01a188afaf5bbdad7fdbeab84f3bfb8cd56ab37

                    SHA256

                    e7ad15e9725846b80be072bf97e275f32e95b6db4344aba73a3b46797bd8cffb

                    SHA512

                    1e3ddc80f9114d85be3fe04df41c8e8b8fb20d628eca3a08ee3128f3a6a0db690b02364271f930642640c627e610065381499dbd04a5c7abc261634ecaf8ae8e

                    Download Submit

                  • memory/3960-1201-0x0000000000400000-0x0000000000456000-memory.dmp

                    Filesize

                    344KB

                    Download

                  • memory/3960-1202-0x0000000000400000-0x0000000000456000-memory.dmp

                    Filesize

                    344KB

                    Download

                  • memory/4624-38-0x00000000051F0000-0x00000000052F7000-memory.dmp

                    Filesize

                    1.0MB

                    Download

                  • memory/4624-28-0x00000000051F0000-0x00000000052F7000-memory.dmp

                    Filesize

                    1.0MB

                    Download

                  • memory/4624-8-0x00000000051F0000-0x00000000052F7000-memory.dmp

                    Filesize

                    1.0MB

                    Download

                  • memory/4624-16-0x00000000051F0000-0x00000000052F7000-memory.dmp

                    Filesize

                    1.0MB

                    Download

                  • memory/4624-57-0x00000000051F0000-0x00000000052F7000-memory.dmp

                    Filesize

                    1.0MB

                    Download

                  • memory/4624-66-0x00000000051F0000-0x00000000052F7000-memory.dmp

                    Filesize

                    1.0MB

                    Download

                  • memory/4624-70-0x00000000051F0000-0x00000000052F7000-memory.dmp

                    Filesize

                    1.0MB

                    Download

                  • memory/4624-68-0x00000000051F0000-0x00000000052F7000-memory.dmp

                    Filesize

                    1.0MB

                    Download

                  • memory/4624-64-0x00000000051F0000-0x00000000052F7000-memory.dmp

                    Filesize

                    1.0MB

                    Download

                  • memory/4624-62-0x00000000051F0000-0x00000000052F7000-memory.dmp

                    Filesize

                    1.0MB

                    Download

                  • memory/4624-60-0x00000000051F0000-0x00000000052F7000-memory.dmp

                    Filesize

                    1.0MB

                    Download

                  • memory/4624-58-0x00000000051F0000-0x00000000052F7000-memory.dmp

                    Filesize

                    1.0MB

                    Download

                  • memory/4624-54-0x00000000051F0000-0x00000000052F7000-memory.dmp

                    Filesize

                    1.0MB

                    Download

                  • memory/4624-52-0x00000000051F0000-0x00000000052F7000-memory.dmp

                    Filesize

                    1.0MB

                    Download

                  • memory/4624-50-0x00000000051F0000-0x00000000052F7000-memory.dmp

                    Filesize

                    1.0MB

                    Download

                  • memory/4624-48-0x00000000051F0000-0x00000000052F7000-memory.dmp

                    Filesize

                    1.0MB

                    Download

                  • memory/4624-46-0x00000000051F0000-0x00000000052F7000-memory.dmp

                    Filesize

                    1.0MB

                    Download

                  • memory/4624-44-0x00000000051F0000-0x00000000052F7000-memory.dmp

                    Filesize

                    1.0MB

                    Download

                  • memory/4624-42-0x00000000051F0000-0x00000000052F7000-memory.dmp

                    Filesize

                    1.0MB

                    Download

                  • memory/4624-40-0x00000000051F0000-0x00000000052F7000-memory.dmp

                    Filesize

                    1.0MB

                    Download

                  • memory/4624-5-0x00000000058E0000-0x0000000005E86000-memory.dmp

                    Filesize

                    5.6MB

                    Download

                  • memory/4624-36-0x00000000051F0000-0x00000000052F7000-memory.dmp

                    Filesize

                    1.0MB

                    Download

                  • memory/4624-34-0x00000000051F0000-0x00000000052F7000-memory.dmp

                    Filesize

                    1.0MB

                    Download

                  • memory/4624-32-0x00000000051F0000-0x00000000052F7000-memory.dmp

                    Filesize

                    1.0MB

                    Download

                  • memory/4624-30-0x00000000051F0000-0x00000000052F7000-memory.dmp

                    Filesize

                    1.0MB

                    Download

                  • memory/4624-6-0x0000000005430000-0x00000000054C2000-memory.dmp

                    Filesize

                    584KB

                    Download

                  • memory/4624-26-0x00000000051F0000-0x00000000052F7000-memory.dmp

                    Filesize

                    1.0MB

                    Download

                  • memory/4624-22-0x00000000051F0000-0x00000000052F7000-memory.dmp

                    Filesize

                    1.0MB

                    Download

                  • memory/4624-20-0x00000000051F0000-0x00000000052F7000-memory.dmp

                    Filesize

                    1.0MB

                    Download

                  • memory/4624-14-0x00000000051F0000-0x00000000052F7000-memory.dmp

                    Filesize

                    1.0MB

                    Download

                  • memory/4624-12-0x00000000051F0000-0x00000000052F7000-memory.dmp

                    Filesize

                    1.0MB

                    Download

                  • memory/4624-10-0x00000000051F0000-0x00000000052F7000-memory.dmp

                    Filesize

                    1.0MB

                    Download

                  • memory/4624-24-0x00000000051F0000-0x00000000052F7000-memory.dmp

                    Filesize

                    1.0MB

                    Download

                  • memory/4624-18-0x00000000051F0000-0x00000000052F7000-memory.dmp

                    Filesize

                    1.0MB

                    Download

                  • memory/4624-7-0x00000000051F0000-0x00000000052F7000-memory.dmp

                    Filesize

                    1.0MB

                    Download

                  • memory/4624-1183-0x0000000074C20000-0x00000000753D1000-memory.dmp

                    Filesize

                    7.7MB

                    Download

                  • memory/4624-1184-0x00000000055E0000-0x000000000565E000-memory.dmp

                    Filesize

                    504KB

                    Download

                  • memory/4624-1185-0x0000000005660000-0x00000000056AC000-memory.dmp

                    Filesize

                    304KB

                    Download

                  • memory/4624-1186-0x0000000074C2E000-0x0000000074C2F000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/4624-1187-0x0000000005E90000-0x0000000005EE4000-memory.dmp

                    Filesize

                    336KB

                    Download

                  • memory/4624-1188-0x0000000074C20000-0x00000000753D1000-memory.dmp

                    Filesize

                    7.7MB

                    Download

                  • memory/4624-1192-0x0000000074C20000-0x00000000753D1000-memory.dmp

                    Filesize

                    7.7MB

                    Download

                  • memory/4624-4-0x00000000051F0000-0x00000000052FE000-memory.dmp

                    Filesize

                    1.1MB

                    Download

                  • memory/4624-3-0x0000000005070000-0x0000000005184000-memory.dmp

                    Filesize

                    1.1MB

                    Download

                  • memory/4624-2-0x0000000074C20000-0x00000000753D1000-memory.dmp

                    Filesize

                    7.7MB

                    Download

                  • memory/4624-1-0x0000000000010000-0x0000000000146000-memory.dmp

                    Filesize

                    1.2MB

                    Download

                  • memory/4624-0-0x0000000074C2E000-0x0000000074C2F000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/4624-1199-0x0000000074C20000-0x00000000753D1000-memory.dmp

                    Filesize

                    7.7MB

                    Download

                  • memory/4624-1200-0x0000000074C20000-0x00000000753D1000-memory.dmp

                    Filesize

                    7.7MB

                    Download

                  • memory/4624-1198-0x0000000074C20000-0x00000000753D1000-memory.dmp

                    Filesize

                    7.7MB

                    Download

                  • memory/4624-1194-0x0000000074C20000-0x00000000753D1000-memory.dmp

                    Filesize

                    7.7MB

                    Download