Overview
Analysis
- max time kernel: 99s
- max time network: 209s
- platform: windows10-ltsc 2021_x64
- resource: win10ltsc2021-20241211-en
- resource tags: arch:x64, arch:x86, image:win10ltsc2021-20241211-en, locale:en-us, os:windows10-ltsc 2021-x64, system
- submitted: 10-01-2025 00:26
Tasks
- static1: static task
- behavioral1: Setupv2.5.1.zip (resource win10ltsc2021-20241211-en)
- behavioral2: Setuv6.9.86/PhysX.xml (resource win10ltsc2021-20241211-en)
- behavioral3: Setuv6.9.86/PhysX.nvi (resource win10ltsc2021-20241023-en)
- behavioral4: Setuv6.9.86/PhysxEx0t2.dll (resource win10ltsc2021-20241211-en)
- behavioral5: Setuv6.9.86/Setuv6.997.exe (resource win10ltsc2021-20241211-en)
- behavioral6: Setuv6.9.86/V6.9/0000.ui.xml (resource win10ltsc2021-20241211-en)
- behavioral7: Setuv6.9.86/V6.9/0000.ui.xml (resource win10ltsc2021-20241211-en)
- behavioral8: Setuv6.9.86/V6.9/040a.ui.xml (resource win10ltsc2021-20241211-en)
- behavioral9: Setuv6.9.86/V6.9/040a.ui.xml (resource win10ltsc2021-20241211-en)
- behavioral10: Setuv6.9.86/V6.9/040b.ui.xml (resource win10ltsc2021-20241211-en)
- behavioral11: Setuv6.9.86/V6.9/040b.ui.xml (resource win10ltsc2021-20241211-en)
- behavioral12: Setuv6.9.86/V6.9/040c.ui.xml (resource win10ltsc2021-20241211-en)
- behavioral13: Setuv6.9.86/V6.9/040c.ui.xml (resource win10ltsc2021-20241211-en)
- behavioral14: Setuv6.9.86/V6.9/040d.ui.xml (resource win10ltsc2021-20241211-en)
- behavioral15: Setuv6.9.86/V6.9/040d.ui.xml (resource win10ltsc2021-20241211-en)
- behavioral16: Setuv6.9.86/V6.9/040e.ui.xml (resource win10ltsc2021-20241211-en)
General
- Target: Setuv6.9.86/Setuv6.997.exe
- Size: 705KB
- MD5: d5917e889f8facae25ef3c35e3cc2fc3
- SHA1: c72e0fcccf29f187433cd7d0b49ed2cca1ea8474
- SHA256: 39710ed8a0ab2db1d2388e27429edc1e0b34f3691d85c0feeb5fe4e3b179e6db
- SHA512: f53f09e71332c618bb6bc56a641399118e2b507db528ac476d1b3c3be70aed5d6067b9154ecce2db6d0662c576364d729eb8a01366992c6899bcb33d580662f5
- SSDEEP: 12288:yZOOIkzlNMaPghgAbLe3ss+YRdKYt0eFPghgAbLe3ss+YRdKYt0eIlr7v:DOIkTM0qXXeuYeeRqXXeuYeeUr7v
Malware Config
- Extracted family: lumma
Signatures
- Lumma family
- Suspicious use of SetThreadContext (1 IoC)
  description | pid | Process | procid_target
  PID 4284 set thread context of 2372 | 4284 | Setuv6.997.exe | 83
- System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Setuv6.997.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Setuv6.997.exe
- Suspicious use of WriteProcessMemory (9 IoCs)
  description | pid | Process | procid_target
  PID 4284 wrote to memory of 2372 | 4284 | Setuv6.997.exe | 83 (this identical row is recorded 9 times)
Processes
- C:\Users\Admin\AppData\Local\Temp\Setuv6.9.86\Setuv6.997.exe (PID 4284)
  command line: "C:\Users\Admin\AppData\Local\Temp\Setuv6.9.86\Setuv6.997.exe"
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  - child process: C:\Users\Admin\AppData\Local\Temp\Setuv6.9.86\Setuv6.997.exe (PID 2372)
    command line: "C:\Users\Admin\AppData\Local\Temp\Setuv6.9.86\Setuv6.997.exe"
    - System Location Discovery: System Language Discovery