Overview

overview

10

Static

static

7

solarafdh3...8).zip

windows10-2004-x64

10

Analysis

  • max time kernel
    35s
  • max time network
    36s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-01-2025 04:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    solarafdh3wy (6868).zip

  • Size

    371KB

  • MD5

    06f129971e7657b5c33929df3f7a3494

  • SHA1

    6463b90cf44d7ffc87833868e3e13089a288b6f3

  • SHA256

    fee7771775597b5552bf7fe898d0f2fe2c7945b7208c78fad912b9902a8b0f87

  • SHA512

    ade80ea45ca3551a61f1acd31245741d34b225d06790e3a7e52d6b94babc0dc83a5b885ab770084b5439c294cf8afa43bf142237ebf6a8643b5d03a9059c94e0

  • SSDEEP

    6144:IorbNB4hcAyHu6py+hHp0zL9lV9mWjxznuUy/ygfj1yghILCU+NIi3Fd1Pyh8MgN:Iorb34hcH0oJ0zLTnuUy6m1ygh2+NIi3

Score
10/10
lummadiscoverystealer

Malware Config

Extracted

Family

lumma

C2

https://robinsharez.shop/api

https://handscreamny.shop/api

https://chipdonkeruz.shop/api

https://versersleep.shop/api

https://crowdwarek.shop/api

https://apporholis.shop/api

https://femalsabler.shop/api

https://soundtappysk.shop/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • .NET Reactor proctector 2 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Executes dropped EXE 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\solarafdh3wy (6868).zip"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3356
  • C:\Users\Admin\Desktop\Solara.exe
    "C:\Users\Admin\Desktop\Solara.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2376
    • C:\Users\Admin\Desktop\Solara.exe
      "C:\Users\Admin\Desktop\Solara.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:3564
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 168
      2⤵
      • Program crash
      PID:3584
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2376 -ip 2376
    1⤵
      PID:1968

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\Desktop\Solara.exe
      Filesize

      399KB

      MD5

      f2759e4fa7603993a732113cada342d4

      SHA1

      420abe07c73fe7b08358bebea98931dc84e28fc6

      SHA256

      66ca1f366c728aefd74e3abe35f3ea0987ec474128c68a5ed68921ae4c8809f4

      SHA512

      172be4edacd32b3b835f73f2216a47caeae73924d31576b769c9196bced5dc41eaed3070a5feab6472a78504cdc6d8261c55443d2ee6182491db6f5868994fa0

      Download Submit

    • memory/2376-6-0x000000007468E000-0x000000007468F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2376-7-0x00000000008D0000-0x000000000093A000-memory.dmp

      Filesize

      424KB

      Download

    • memory/2376-8-0x0000000005920000-0x0000000005EC4000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/2376-9-0x0000000074680000-0x0000000074E30000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2376-15-0x0000000074680000-0x0000000074E30000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2376-17-0x0000000074680000-0x0000000074E30000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/3564-14-0x0000000000400000-0x000000000045B000-memory.dmp

      Filesize

      364KB

      Download

    • memory/3564-16-0x0000000000400000-0x000000000045B000-memory.dmp

      Filesize

      364KB

      Download

    • memory/3564-11-0x0000000000400000-0x000000000045B000-memory.dmp

      Filesize

      364KB

      Download

    • memory/3564-18-0x0000000000400000-0x000000000045B000-memory.dmp

      Filesize

      364KB

      Download