Overview

overview

10

Static

static

3

fsuipc4 se...ck.exe

windows7-x64

10

fsuipc4 se...ck.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    101s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-01-2025 08:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fsuipc4 serial keygen and crack.exe

  • Size

    911.2MB

  • MD5

    b8adb6764499e96a0c37038a2428aa1b

  • SHA1

    964ffaabb17dfbe8f4fb5ccd629d645882f0c08a

  • SHA256

    28274181e340b8e1d0ba57543ca871cbec9e95660336ef80613363ba2c2f64b2

  • SHA512

    9ca8300d31bd8c7ddd158a9e9f0029a05196c557d5fc6f6e606306f2fcd585c955c76cda097e24efa596d454514a6b779db2569745bc4bbeee76156e5c59018d

  • SSDEEP

    196608:wlm1Q9RCYZEjXWtOqnuUPsq4i6PqQurkrDH2LFpFhKB422SlvokaT1Z9HMHNk7En:wl5bZVnaTsDkQFj10kI1P

Score
10/10
lummadiscoverystealer

Malware Config

Extracted

Family

lumma

C2

https://robinsharez.shop/api

https://handscreamny.shop/api

https://chipdonkeruz.shop/api

https://versersleep.shop/api

https://crowdwarek.shop/api

https://apporholis.shop/api

https://femalsabler.shop/api

https://soundtappysk.shop/api

https://desiredirefus.cyou/api

Extracted

Family

lumma

C2

https://desiredirefus.cyou/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates processes with tasklist 1 TTPs 2 IoCs
    discovery
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 36 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fsuipc4 serial keygen and crack.exe
    "C:\Users\Admin\AppData\Local\Temp\fsuipc4 serial keygen and crack.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2948
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c move Collections Collections.cmd & Collections.cmd
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1992
      • C:\Windows\SysWOW64\tasklist.exe
        tasklist
        3⤵
        • Enumerates processes with tasklist
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:3588
      • C:\Windows\SysWOW64\findstr.exe
        findstr /I "opssvc wrsa"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2848
      • C:\Windows\SysWOW64\tasklist.exe
        tasklist
        3⤵
        • Enumerates processes with tasklist
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:3476
      • C:\Windows\SysWOW64\findstr.exe
        findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1848
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c md 62194
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1548
      • C:\Windows\SysWOW64\extrac32.exe
        extrac32 /Y /E Arrange
        3⤵
        • System Location Discovery: System Language Discovery
        PID:848
      • C:\Windows\SysWOW64\findstr.exe
        findstr /V "kinase" Wi
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4348
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c copy /b 62194\Destruction.com + Increases + Commitment + Transmission + Wheels + Typical + Companies + Journals + Bw 62194\Destruction.com
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3756
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c copy /b ..\Prostores + ..\Wrapped + ..\Gone + ..\Exceptional + ..\Hose + ..\Seminar + ..\Pos h
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4952
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\62194\Destruction.com
        Destruction.com h
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:3200
      • C:\Windows\SysWOW64\choice.exe
        choice /d y /t 5
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4480
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3056

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\62194\Destruction.com
      Filesize

      2KB

      MD5

      58c95ccf4ec3577e37c99905679b311a

      SHA1

      c4d2c12d91e8e4366df8a59c6025a516411da3c0

      SHA256

      16d0a742c481ce3e3e01eddc19ee1c00590df1b7d2bf71e9812ccc76cd942d11

      SHA512

      cc510bcb1e7924c83b1f5c0403730a0c6ad3930cbe0b20a5206bc4fbbc913f19ec37c099589d97941fb665d638da638c1cef0e33720cce3f6f9a8cd3674836e0

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\62194\Destruction.com
      Filesize

      925KB

      MD5

      62d09f076e6e0240548c2f837536a46a

      SHA1

      26bdbc63af8abae9a8fb6ec0913a307ef6614cf2

      SHA256

      1300262a9d6bb6fcbefc0d299cce194435790e70b9c7b4a651e202e90a32fd49

      SHA512

      32de0d8bb57f3d3eb01d16950b07176866c7fb2e737d9811f61f7be6606a6a38a5fc5d4d2ae54a190636409b2a7943abca292d6cefaa89df1fc474a1312c695f

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\62194\h
      Filesize

      502KB

      MD5

      503d935454ebc3159f6e0676a17a40d1

      SHA1

      33631152e0dd5aeedce787c4e5217e289248c33a

      SHA256

      e66f05573c2bd7768e9dfa157a87299688879c88aa4394cf295b106c039ceade

      SHA512

      545700e09c67a08bf3acbefab6779fdacb76721b82511b00dabdd3533c18f2fdd97668c568949d40e782075f42a6e9aec21cf059be2c89ea8a3dfc11b7cfcab4

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Arrange
      Filesize

      476KB

      MD5

      998800bc87cf02c3da321a80f757864b

      SHA1

      15eef661a07afe73e71eb6009838cf46596d2c32

      SHA256

      519d829b569b2d5420eb23639c6c864d67bc8fcf85a7b2ed1e06e8be0d8434cd

      SHA512

      3143ba55380b84661d6f55b08fab4a1474289c73aaecd2da4e05fad91d44ab954b7970596d13afc3cd18485c9b51bdcd0130f9ccdb21f36e20060d0f86a15bb2

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Bw
      Filesize

      68KB

      MD5

      28d6493eff57c2b8ae0284855a31d8f2

      SHA1

      e01cf0aa55490f8183de54ffc86cf3bfee53d509

      SHA256

      6f2363ae5657bd5655c80e309b468ebb9baa041e781aeb7a83dddd6ad2319706

      SHA512

      c57f3bfc4a0848cf24a9a34110f85c39822f7b0d0e6977f18b398a6401ce4de39245a811604833fac568248b34b90f17094bec8661189ca25d6be997e3a732c6

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Collections
      Filesize

      12KB

      MD5

      06d940527b4b40006f5e6fe5ced07ad7

      SHA1

      d7b52eaa0c8f6e92ae4bc85224d4ab3b238bd563

      SHA256

      92cee79c83e00a1fdc5c107df4c7be1e1a8ae7cb0bfe3e3de0ec7488d242fc5c

      SHA512

      d93817484c41d601b3fef66628d82d0d682a4424fd3e57d9fa9920187938c9b31e7fdbe5e1253b2954cbf637d4a4de7296098e9fca7b7a88ab337b4d838a9d66

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Commitment
      Filesize

      104KB

      MD5

      33e9f726c31a83a0dbcf2b70e17f0315

      SHA1

      3da39cbf8a65de586b1567a54e51537725c162fe

      SHA256

      3f8e5f7fdb34112ca180b77ad07e13c50a49ab0dfab04240296e8decc26061ea

      SHA512

      03fd93c8a166307388d0227000b2a36788f3fc6991446618992bcfe06f328dc81e0fae82bf682833780e8d131a08febf671068b5031162af6be87effeb06d237

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Companies
      Filesize

      116KB

      MD5

      d7351daf362a8d3cd0c0b23581ba0f33

      SHA1

      acfad597518302dabdcef517c5f5a38a4cef56a1

      SHA256

      95223e9737b4075225a333642a8d4244b31f1f35ffa37c96efe5c91b14a88f11

      SHA512

      17027718d2b968d8f892e59b470a2de6a7ffd98d264d64c597b15391fba64d86cec11a08ba100c9c092b6e46d3deb226cb871032b9a94a0c1791825d5c3fef03

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Exceptional
      Filesize

      80KB

      MD5

      101d1919ee406370d0ab33970404de48

      SHA1

      8e4873b2dc528bc136c1a78763db188ac7656c63

      SHA256

      6ba4bd6c622aa683c06107bae5b91d285201b41ec7b9f5acd1cee0e8f8703ebf

      SHA512

      717bd983116d94eb87b2fa02c38219bb7a035b3e1074f29c2f6cbe94a8305b8e719abbb20ae6d9e346a29504ee186e851e349bea687f031d3599a5ff2bba1c70

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Gone
      Filesize

      66KB

      MD5

      cd33adf771ea5b6aae3e2ca26b3a8072

      SHA1

      826d836c30bd2d6fd4beb6bd9a9f3413f99d51dd

      SHA256

      01b750ca28f766767c750cac94843f2ded7ea6eb1e064e3cd3a595fd239695c5

      SHA512

      e5b98f58c6bf1528fdd3d615e6d4753ddf0688e5bc1d03eb376830c5b052aeca806a4897458036afeacd6fdec94e1df0a512699a0f26eb31e550a41b9369582c

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Hose
      Filesize

      98KB

      MD5

      52fdf2804dd0aee3d9a0dcaee59083d9

      SHA1

      9a7c0033ea47a93f3403e7d7051c76251e74042a

      SHA256

      bea243344f2e4711381d00680d8ffa3cb0daf67f84ee817953e7d5525a740da9

      SHA512

      268b5bf621800562cfde5b9908c62b6404bc3a337264f925ce8ef9e4c96b678b3dd4559feb84d43df2ed921f073397b703083dce5ac58a04a0841ecafa08a742

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Increases
      Filesize

      118KB

      MD5

      4225f70fa4c18d95a0512dae7091b402

      SHA1

      95063dfb8e3b153f2dc687ae6bbd22723e1cb2c2

      SHA256

      e67e51e1a874d930c345667840ad085381f1a75faa06a4bcd7d9656985d2d74e

      SHA512

      b0170356b339913e61d281e47e25f9b6ca8e24f18e933277ea53979c328e72782e12ba53d42846a773bf71eb67bdecb47de48a60b78f160d592b3c57b33d02df

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Journals
      Filesize

      135KB

      MD5

      e7ba8c2336229da0224f192e290d3270

      SHA1

      15477c2be513cb47154a79643a032bae67abaab3

      SHA256

      d11064044ee3b6b14e4e882e0a86e5c9df32b0022dbadd0444f801d8f283f489

      SHA512

      517f2faa82d08ec7c7898de8ed6db989e0df54956753721d486ad42d54923870926cda09266b55ca88cad0e81898a9d036d00ae63b29b6f4907b4ce65e9151bd

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Pos
      Filesize

      67KB

      MD5

      ee2116a82303e24c4e85dc4ff4457bed

      SHA1

      feb24bbc76ec1a442db85b1347613553768fd865

      SHA256

      471f22c0455430735a3ee4642e02d2df3c94706ee6327fe0a3a2a738ee114b61

      SHA512

      787683fb119399c788324626e5183c495c19a88740df8986d55999a4cb1ab28e443ecde798aa0ed39ed1a5ae58b132bd510f9e81c0838e72ab39839bca2d6492

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Prostores
      Filesize

      56KB

      MD5

      f1872eaaa05f533016461f7d2cba4eba

      SHA1

      9923bd85ea2b3c0759c19a670f9bf9fbe66486e5

      SHA256

      985bdd73243f4d0f3fa5824fc2c3303bbf1bcd5f0b4a945f2e9d7d4736085360

      SHA512

      5f9bac6cf02ad6222ed42e586d32c22867f25802e37334814ad227079b85bfef36aad1c925dfed9e296f766953a95643a39646ee8c5ecd196626d490a38d6d13

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Seminar
      Filesize

      53KB

      MD5

      043e107ee0471a54cf0f42694079941b

      SHA1

      56fd083f33205395141cc048e62ee3f90a55b15b

      SHA256

      d6c0818cfe70f59c7d12daa41f109acad4e85bed1cd914e6d144b5c75fb0804b

      SHA512

      0619b67c02c93cd58acc994f4de7b261ea7d11002cbe0726bfe39885f86e9d84a6e285ef206b70e3f8653f7612aafb4c0ea2d15a66b81914002fd9faef608081

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Transmission
      Filesize

      126KB

      MD5

      4e857ecab900f7e75343a55e0ad0fac7

      SHA1

      82c1b23b8dac48eb94cba57cd60059be21bcde8a

      SHA256

      fdd4e81341ce1d5bdd3b52b88c1a6fff5b5300da1df5b8fe114301459295decc

      SHA512

      9c3ca722fb07b0f6119d7a440d307da3aa0d0d9f1527356d91d40103151e2beba418151358a34bd5301ea54777cde143ad5ba2f6fffb8ef5b04aa829c57cae51

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Typical
      Filesize

      145KB

      MD5

      5311a1bdc9a275bfeec262bb9137bc83

      SHA1

      b49942f646592d8e3c5a8e16438c6212cf7f5a52

      SHA256

      743d15d61e5d1f494b8226d00304bfbf646faedc686f50cc201441f7d2b166b9

      SHA512

      032b394739a5f7881ccd5a5c6384756a8193b40f644bda3ab9fc71550e03d20b958bbc3d67b72d6e6a9ea8d8f76c1d4dc24e91adec20a13aae821aeb59c060b9

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Wheels
      Filesize

      110KB

      MD5

      67986ea05e5af77107bad677901324bf

      SHA1

      d35a87c253ed65179f5e4a0aa943196a844a580f

      SHA256

      68b7f6d04f283539f260f0cd1ea73b147787285bf24a208f53ebace3bee25cc7

      SHA512

      b277e27a3dda1d262e398f43a2d48a657d9b5837a1851c969dbf9f94602a5d9a8c67493147863ef1882570d8ae0799d212e9fdecb92f51fdb0611a2170c1ac3d

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Wi
      Filesize

      2KB

      MD5

      31d80e690a7932e0675db467a3b25911

      SHA1

      6334b8df5d931051af3fe6663a3d7fb060dc9b01

      SHA256

      23b26420c18b45310b80eb1fac839849f7f89ce28b5991ed95ff3f103fe44b08

      SHA512

      88c51cb51e639899fd6f7da83d36bf59f373c6399d75b9a1879397886f20e2315a3ac0f6bc618b124780f1ce4f4cd731f0a3bc4f04589d8b5f77724eb3360a18

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Wrapped
      Filesize

      82KB

      MD5

      df0b710176af0d6a4d94cb69aa69f706

      SHA1

      dcc90a0122fe8eac4459fee1576443516d8ddd69

      SHA256

      efa6f7351ee6272e73d0681f9c912f29c5016e4abf3a75619b26693aa9063e82

      SHA512

      4899e102f79085a35915610a505ad011d90b708364f6100573d167ad78c026408e442dc6b5319c28e38f572e40ab19e979a46d72ec8e8038d65dde213fee78f9

      Download Submit

    • memory/3200-62-0x0000000004C20000-0x0000000004C7B000-memory.dmp

      Filesize

      364KB

      Download

    • memory/3200-63-0x0000000004C20000-0x0000000004C7B000-memory.dmp

      Filesize

      364KB

      Download

    • memory/3200-64-0x0000000004C20000-0x0000000004C7B000-memory.dmp

      Filesize

      364KB

      Download

    • memory/3200-65-0x0000000004C20000-0x0000000004C7B000-memory.dmp

      Filesize

      364KB

      Download

    • memory/3200-66-0x0000000004C20000-0x0000000004C7B000-memory.dmp

      Filesize

      364KB

      Download