Navigation (per-task sandbox scores, 0-10; task names truncated as on the page)
tab/task                  platform             score
Overview                  -                    10
Static                    -                    9
Release.zip               windows7-x64         10
Release.zip               windows10-2004-x64   1
Release/Ne...0].exe       windows7-x64         10
Release/Ne...0].exe       windows10-2004-x64   10
Release/au...in.dll       windows7-x64         3
Release/au...in.dll       windows10-2004-x64   3
Release/lo...ng.dll       windows7-x64         1
Release/lo...ng.dll       windows10-2004-x64   1
Release/lo...ng.dll       windows7-x64         1
Release/lo...ng.dll       windows10-2004-x64   1
Release/lo...ng.dll       windows7-x64         1
Release/lo...ng.dll       windows10-2004-x64   1
Release/lo...er.dll       windows7-x64         1
Release/lo...er.dll       windows10-2004-x64   1
Release/lo...-1.dll       windows7-x64         1
Release/lo...-1.dll       windows10-2004-x64   1
Release/ru...er.dll       windows7-x64         1
Release/ru...er.dll       windows10-2004-x64   1
Release/ru...er.dll       windows7-x64         1
Release/ru...er.dll       windows10-2004-x64   1
Release/ru...er.dll       windows7-x64         3
Release/ru...er.dll       windows10-2004-x64   3
Release/sc...Env.js       windows7-x64         3
Release/sc...Env.js       windows10-2004-x64   3
Release/wo...re.dll       windows7-x64         1
Release/wo...re.dll       windows10-2004-x64   1
Release/wo...pet.js       windows7-x64         3
Release/wo...pet.js       windows10-2004-x64   3

Analysis
- max time kernel: 26s
- max time network: 28s
- platform: windows7_x64
- resource: win7-20241010-en
- resource tags: arch:x64 arch:x86 image:win7-20241010-en locale:en-us os:windows7-x64 system
- submitted: 12-01-2025 03:10
Behavioral tasks
task          sample                                                                                                                          resource
behavioral1   Release.zip                                                                                                                     win7-20241010-en
behavioral2   Release.zip                                                                                                                     win10v2004-20241007-en
behavioral3   Release/NewIn [v1.1.0].exe                                                                                                      win7-20241010-en
behavioral4   Release/NewIn [v1.1.0].exe                                                                                                      win10v2004-20241007-en
behavioral5   Release/autoexec/bin.dll                                                                                                        win7-20240903-en
behavioral6   Release/autoexec/bin.dll                                                                                                        win10v2004-20241007-en
behavioral7   Release/locales/resources/app.asar.unpacked/node_modules/btime/binding.dll                                                      win7-20240903-en
behavioral8   Release/locales/resources/app.asar.unpacked/node_modules/btime/binding.dll                                                      win10v2004-20241007-en
behavioral9   Release/locales/resources/app.asar.unpacked/node_modules/get-fonts/binding.dll                                                  win7-20241010-en
behavioral10  Release/locales/resources/app.asar.unpacked/node_modules/get-fonts/binding.dll                                                  win10v2004-20241007-en
behavioral11  Release/locales/resources/app.asar.unpacked/node_modules/vibrancy-win/binding.dll                                               win7-20240903-en
behavioral12  Release/locales/resources/app.asar.unpacked/node_modules/vibrancy-win/binding.dll                                               win10v2004-20241007-en
behavioral13  Release/locales/resources/vk_swiftshader.dll                                                                                    win7-20240903-en
behavioral14  Release/locales/resources/vk_swiftshader.dll                                                                                    win10v2004-20241007-en
behavioral15  Release/locales/resources/vulkan-1.dll                                                                                          win7-20241010-en
behavioral16  Release/locales/resources/vulkan-1.dll                                                                                          win10v2004-20241007-en
behavioral17  Release/runtimes/win-arm64/native/WebView2Loader.dll                                                                            win7-20241023-en
behavioral18  Release/runtimes/win-arm64/native/WebView2Loader.dll                                                                            win10v2004-20241007-en
behavioral19  Release/runtimes/win-x64/native/WebView2Loader.dll                                                                              win7-20240903-en
behavioral20  Release/runtimes/win-x64/native/WebView2Loader.dll                                                                              win10v2004-20241007-en
behavioral21  Release/runtimes/win-x86/native/WebView2Loader.dll                                                                              win7-20241010-en
behavioral22  Release/runtimes/win-x86/native/WebView2Loader.dll                                                                              win10v2004-20241007-en
behavioral23  Release/scripts/UNCCheckEnv.js                                                                                                  win7-20240903-en
behavioral24  Release/scripts/UNCCheckEnv.js                                                                                                  win10v2004-20241007-en
behavioral25  Release/workspace/Xeno.exe.WebView2/EBWebView/Speech Recognition/1.15.0.1/Microsoft.CognitiveServices.Speech.core.dll           win7-20240708-en
behavioral26  Release/workspace/Xeno.exe.WebView2/EBWebView/Speech Recognition/1.15.0.1/Microsoft.CognitiveServices.Speech.core.dll           win10v2004-20241007-en
behavioral27  Release/workspace/Xeno.exe.WebView2/EBWebView/Subresource Filter/Unindexed Rules/10.34.0.57/adblock_snippet.js                  win7-20241023-en
behavioral28  Release/workspace/Xeno.exe.WebView2/EBWebView/Subresource Filter/Unindexed Rules/10.34.0.57/adblock_snippet.js                  win10v2004-20241007-en
General
- Target: Release.zip
- Size: 30.0MB
- MD5: 7b352f4b215d9505e5e1a898990c8658
- SHA1: a4cfc444f659a21582c144c4a99eeda75d1e343b
- SHA256: d7fc6e32096855a5f4d545f6359b1e0ce5b8ff3173c83ff1407423b0c6025bb0
- SHA512: e859cd4130537d0035f1a2b6265bfe91ec36355216f5851f81c0b6ec266a2dcb8bbc92879494e8b0b963f6bab830fc5ea98a9dbe717a3b38b5731d63948e0aad
- SSDEEP: 786432:FnTe0UOYgy+hEJpfbIHJ0VJi209uBZOLHEk:FTi8y+hapjQ0VJLBZEEk
Malware Config
- Extracted: lumma
- C2: https://feerdaiks.biz/api
Signatures
- Lumma family
- Executes dropped EXE (1 IoC)
  pid 2588  NewIn [v1.1.0].exe
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC; ATT&CK T1614.001)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  by NewIn [v1.1.0].exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid 2588  NewIn [v1.1.0].exe
  pid 2516  7zFM.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid 2516  7zFM.exe
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Token: SeRestorePrivilege   pid 2516  7zFM.exe
  Token: 35                   pid 2516  7zFM.exe
  Token: SeSecurityPrivilege  pid 2516  7zFM.exe
- Suspicious use of FindShellTrayWindow (2 IoCs)
  pid 2516  7zFM.exe (2 entries)
- Suspicious use of WriteProcessMemory (4 IoCs)
  PID 2516 (7zFM.exe) wrote to memory of 2588, procid_target 31 (4 identical entries)
  Note: all four writes are from the 7-Zip file manager into the process it launched from the archive, which is consistent with ordinary process creation by the parent rather than injection into an unrelated process. The 7zFM.exe rows above describe the launcher; the Lumma-attributed behavior is in PID 2588.
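The two signature classes worth triaging by hand here are the NLS Language registry read (System Language Discovery) and the WriteProcessMemory hits, which look alarming until the parent/child relationship is taken into account. The script below is an added example, not tria.ge code and not from the sample's authors: it replays events constructed to mirror the report's IoC rows (PID 2516 7zFM.exe launching PID 2588 NewIn [v1.1.0].exe), flags locale-key reads by processes outside an assumed allow-list, and separates parent-to-own-child memory writes from writes into any other process. The parent PID of 7zFM.exe, the allow-list and the two contrast events are assumptions not found in the report.

```python
"""Triage the NLS Language registry read and the WriteProcessMemory hits.
Added example, not tria.ge code. Events are constructed to mirror the
report; the ppid of 7zFM.exe, the allow-list and the contrast events are
assumptions."""
import re
from collections import Counter
from dataclasses import dataclass

# Matches the key the sample opened, for any ControlSet number.
NLS_LANGUAGE_KEY = re.compile(
    r"\\REGISTRY\\MACHINE\\SYSTEM\\ControlSet\d+\\Control\\NLS\\Language$", re.I)

# Assumed allow-list: images that legitimately read locale keys at startup.
LOCALE_READERS = {"explorer.exe", "svchost.exe"}


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    ppid: int


PROCESSES = {
    2516: Proc(2516, "7zFM.exe", 1000),             # ppid 1000 is assumed
    2588: Proc(2588, "NewIn [v1.1.0].exe", 2516),   # dropped EXE, child of 7-Zip
}

# (kind, actor pid, target): constructed from the report's IoC rows, plus two
# contrast events that are not in the report.
EVENTS = [
    ("regopen", 2588, r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"),
    ("wpm", 2516, 2588),
    ("wpm", 2516, 2588),
    ("wpm", 2516, 2588),
    ("wpm", 2516, 2588),
    ("regopen", 2516, r"\REGISTRY\MACHINE\SOFTWARE\7-Zip\Path"),  # contrast: not a locale key
    ("wpm", 2588, 624),                                           # contrast: unrelated target
]


def language_discovery(events, procs):
    """Return NLS Language reads by processes outside the allow-list
    (ATT&CK T1614.001) as (pid, image, key)."""
    hits = []
    for kind, pid, target in events:
        if kind != "regopen" or not NLS_LANGUAGE_KEY.search(target):
            continue
        proc = procs.get(pid)
        image = proc.image if proc else "?"
        if image.lower() not in LOCALE_READERS:
            hits.append((pid, image, target))
    return hits


def classify_memory_writes(events, procs):
    """Split WriteProcessMemory hits into parent->own-child writes (what
    process creation looks like in a trace; 7-Zip launching the extracted
    EXE here) and writes into any other process, which deserve a closer
    look. Returns two dicts keyed by (source pid, target pid) with counts."""
    parent_child, cross = Counter(), Counter()
    for kind, src, dst in events:
        if kind != "wpm":
            continue
        dst_proc = procs.get(dst)
        bucket = parent_child if dst_proc and dst_proc.ppid == src else cross
        bucket[(src, dst)] += 1
    return dict(parent_child), dict(cross)


if __name__ == "__main__":
    print("language discovery:", language_discovery(EVENTS, PROCESSES))
    print("memory writes:", classify_memory_writes(EVENTS, PROCESSES))
```

Run against the report's events this yields one language-discovery hit for PID 2588 and puts all four 7zFM.exe writes in the parent-to-child bucket; only the constructed write from 2588 into PID 624 lands in the bucket that merits follow-up.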
Processes
C:\Program Files\7-Zip\7zFM.exe  (PID 2516)
  cmdline: "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Release.zip"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  └─ C:\Users\Admin\AppData\Local\Temp\7zO4D92B927\NewIn [v1.1.0].exe  (PID 2588)
     cmdline: "C:\Users\Admin\AppData\Local\Temp\7zO4D92B927\NewIn [v1.1.0].exe"
     - Executes dropped EXE
     - System Location Discovery: System Language Discovery
     - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 6.9MB
  MD5: b754082694884f8c6e0ff60a37e27d5a
  SHA1: fbcd2bc7a6b6aeff9a85da5d61e4484b61f4a728
  SHA256: 97246e97f763676c0f5df4b2f9fc2d087067b8a6e497a7a9c29120efde9c1e34
  SHA512: 401ea4ba67457bad1f3b5b69c4a84301476ad1e8e0abdf1d78f8fd0c49e00392efc79d9c59820eb48a42ff6af97edb46fc37b4dc39535447a5bb2f607990f349
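The report gives three kinds of indicator a defender can act on: hashes of the submitted archive (General), the extracted Lumma C2 URL (Malware Config) and hashes of the 6.9MB download (Downloads). The script below is an added example, not part of the report or of tria.ge: it copies those values verbatim and checks them against a constructed sha256sum/md5sum-style inventory and a constructed proxy log. The inventory paths, the payload.bin entry and the proxy lines are made up for the demonstration; the hosts are compared by parsed hostname rather than substring so a look-alike domain does not fire.

```python
"""Match the indicators listed in this report against local telemetry.
Added example, not part of the report or of tria.ge. Hash values and the C2
URL are copied from the report; the inventory and proxy log are constructed."""
from urllib.parse import urlsplit

# From the report: the submitted archive and the 6.9MB download.
REPORT_HASHES = {
    "md5": {
        "7b352f4b215d9505e5e1a898990c8658",
        "b754082694884f8c6e0ff60a37e27d5a",
    },
    "sha256": {
        "d7fc6e32096855a5f4d545f6359b1e0ce5b8ff3173c83ff1407423b0c6025bb0",
        "97246e97f763676c0f5df4b2f9fc2d087067b8a6e497a7a9c29120efde9c1e34",
    },
}
C2_URLS = ["https://feerdaiks.biz/api"]
C2_HOSTS = {urlsplit(u).hostname.lower() for u in C2_URLS}

# Constructed inventory in sha256sum/md5sum format ("<digest>  <path>"), with
# one upper-case digest to exercise normalisation. Paths are made up.
INVENTORY = """\
D7FC6E32096855A5F4D545F6359B1E0CE5B8FF3173C83FF1407423B0C6025BB0  C:\\Users\\Admin\\Downloads\\Release.zip
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  C:\\Users\\Admin\\Downloads\\empty.txt
b754082694884f8c6e0ff60a37e27d5a  C:\\Users\\Admin\\AppData\\Local\\Temp\\payload.bin
"""

# Constructed proxy log: "<timestamp> <client> <method> <url> <status>".
# The second line is a look-alike host that a substring match would flag.
PROXY_LOG = """\
2025-01-12T03:11:02Z 10.0.0.5 POST https://feerdaiks.biz/api 200
2025-01-12T03:11:05Z 10.0.0.5 GET https://feerdaiks.biz.example.org/api 200
2025-01-12T03:11:09Z 10.0.0.7 GET https://www.microsoft.com/ 200
"""


def hash_hits(inventory: str):
    """Return (algorithm, path) for every inventory line whose digest is in
    the report. The algorithm is inferred from digest length; case is
    normalised before lookup."""
    hits = []
    for line in inventory.splitlines():
        digest, sep, path = line.partition("  ")
        if not sep:
            continue
        digest = digest.strip().lower()
        algo = {32: "md5", 64: "sha256"}.get(len(digest))
        if algo and digest in REPORT_HASHES[algo]:
            hits.append((algo, path))
    return hits


def c2_hits(log: str):
    """Return (client, url) for requests whose parsed hostname equals a C2
    host. Parsing the URL instead of substring-matching keeps look-alike
    domains such as feerdaiks.biz.example.org from firing."""
    hits = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        host = urlsplit(parts[3]).hostname
        if host and host.lower() in C2_HOSTS:
            hits.append((parts[1], parts[3]))
    return hits


if __name__ == "__main__":
    print("hash matches:", hash_hits(INVENTORY))
    print("C2 contacts:", c2_hits(PROXY_LOG))
```

On the constructed data the archive and the payload.bin entry match by hash, and only the POST to https://feerdaiks.biz/api is reported as a C2 contact; the look-alike host and the unrelated request are left alone.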