Analysis

  • max time kernel
    122s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18-01-2025 00:18

General

  • Target

    Launcher_v1.4.9.9.zip

  • Size

    3.7MB

  • MD5

    dfdc538af7b3a8dc317b9b50b17bf423

  • SHA1

    6da6ff1cd6f46df9ae09cf6b4cfa4c88fceefef9

  • SHA256

    db1ac1bbba4f280c0ca239bba2755dafe72d050d9e5d56a577ee0a7660fc6ced

  • SHA512

    84615e07412c7765fa6169ec4538be739da065405ed2f714888e767a252ab122ada4949f02f6b6b147047006aa749ea045ccbfe8bf20ef5a3c6314ae090208f9

  • SSDEEP

    98304:u71Rr0JbetMI2xgGallTTs9z3fw57FKhy6nZyQXmbtMAdczX:41x0JbetM5Cxls9ja7FKh3cd0

Score
10/10

Malware Config

Extracted

Family

lumma

C2

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

  • Lumma family
  • Executes dropped EXE 4 IoCs
  • Suspicious use of SetThreadContext 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of WriteProcessMemory 42 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Launcher_v1.4.9.9.zip"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3004
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3484
    • C:\Program Files\7-Zip\7zG.exe
      "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Launcher_v1.4.9\" -spe -an -ai#7zMap10643:88:7zEvent4449
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:4696
    • C:\Users\Admin\Desktop\Launcher_v1.4.9\Launcher\Launcher.1.4.9.exe
      "C:\Users\Admin\Desktop\Launcher_v1.4.9\Launcher\Launcher.1.4.9.exe"
      1⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1924
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        2⤵
        • System Location Discovery: System Language Discovery
        PID:3036
    • C:\Users\Admin\Desktop\Launcher_v1.4.9\Launcher\Launcher.1.4.9.exe
      "C:\Users\Admin\Desktop\Launcher_v1.4.9\Launcher\Launcher.1.4.9.exe"
      1⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3924
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        2⤵
          PID:4016
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
          2⤵
            PID:1836
          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
            2⤵
            • System Location Discovery: System Language Discovery
            PID:4304
        • C:\Users\Admin\Desktop\Launcher_v1.4.9\Launcher\Launcher.1.4.9.exe
          "C:\Users\Admin\Desktop\Launcher_v1.4.9\Launcher\Launcher.1.4.9.exe"
          1⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:1988
          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
            2⤵
            • System Location Discovery: System Language Discovery
            PID:1820
        • C:\Users\Admin\Desktop\Launcher_v1.4.9\Launcher\Launcher.1.4.9.exe
          "C:\Users\Admin\Desktop\Launcher_v1.4.9\Launcher\Launcher.1.4.9.exe"
          1⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:4660
          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
            2⤵
            • System Location Discovery: System Language Discovery
            PID:4644

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\Desktop\Launcher_v1.4.9.zip

    Filesize

    3.7MB

    MD5

    6d2d588317040345b06f122c358d0aa5

    SHA1

    0bd8c8d576ad261296b191175a9852a12eea9c59

    SHA256

    73876d382cafa5971772d8db35daffa73e98d8e66d1bf473ba7a3e95915c9274

    SHA512

    4a00ac7bddea8b9d4dd7753b79f9738f42d2532721acfd7eb394c973880cdbc08ab47d980a990850888cd366fe9c552e9a3c6cb9f527dfad5118d3ff0e961d9d

  • C:\Users\Admin\Desktop\Launcher_v1.4.9\Launcher\Launcher.1.4.9.exe

    Filesize

    23.7MB

    MD5

    19727d6aca5cb72ace3262bd57d374de

    SHA1

    4c22d8bbba51a4202191d4d5c813c21d405bd643

    SHA256

    0c58e579413a6631d6cae4b81a5ba0a5d68347913f6243bb540132d444739f5a

    SHA512

    6ea428601998a1bf9627355bf236a7fa872d53bb8a2c4008008b0f35e7ee9182975cd2de4af63f5e1e2c5af6ddde52bc010f1d6d5e3986e5ac6663b0f3e34ec5

  • memory/3036-105-0x0000000000400000-0x0000000000455000-memory.dmp

    Filesize

    340KB

  • memory/3036-106-0x0000000000400000-0x0000000000455000-memory.dmp

    Filesize

    340KB