Analysis
max time kernel: 94s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21-01-2025 02:08
Static task: static1
Behavioral task: behavioral1
Sample: 06868a3523fba77cf349c6d1043d64d67ad56d4afa85f229778b0a5aea30a5ea.exe
Resource: win7-20241010-en
General
Target: 06868a3523fba77cf349c6d1043d64d67ad56d4afa85f229778b0a5aea30a5ea.exe
Size: 7.8MB
MD5: db1e2916043f09d2711d347a169bc668
SHA1: 96ddae09530bd617fdbcb7e25e754937e88b2f00
SHA256: 06868a3523fba77cf349c6d1043d64d67ad56d4afa85f229778b0a5aea30a5ea
SHA512: 907556d1fb2f938090e4fc2568dfdd34fef3cda831172af09bd37cecbef96d087587d2757575739a3055684edf4194e7eecee86d9069e16f17dfed7851f5a08a
SSDEEP: 98304:InvwQSUtiMFxbq24ybJv7gQ3s/twVxKBiP5OQxoHkiP5OQxoHuP:Iop0ZR8QWCQiP5OQxoHkiP5OQxoHuP
Malware Config
Extracted
lumma
https://robinsharez.shop/api
https://handscreamny.shop/api
https://chipdonkeruz.shop/api
https://versersleep.shop/api
https://crowdwarek.shop/api
https://apporholis.shop/api
https://femalsabler.shop/api
https://soundtappysk.shop/api
Signatures
Lumma family
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description    ioc                                                            Process
Key opened     \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language    06868a3523fba77cf349c6d1043d64d67ad56d4afa85f229778b0a5aea30a5ea.exe
Suspicious behavior: EnumeratesProcesses 40 IoCs
pid     Process
3888    06868a3523fba77cf349c6d1043d64d67ad56d4afa85f229778b0a5aea30a5ea.exe    (this pid/process pair is repeated for each of the 40 IoCs)
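The extracted C2 list and the two behavioural signatures above are the parts of this report a defender actually consumes. The script below is an added example and is not part of the sandbox report or of any Lumma analysis tooling: it copies the report's indicators (the SHA256, the eight C2 URLs and the NLS\Language key path) into a small hunting routine and runs it over constructed, made-up key=value log lines. It scores a PID "high" only when more than one indicator class fires, because opening the NLS\Language key on its own is common in legitimate software and is a weak signal in isolation. The log format, the hostnames WS01, and the PIDs in the sample log are all constructed for illustration.

```python
"""Hunt for the indicators from this Lumma report in constructed log data.

Added example, not part of the sandbox report. The key=value log format,
host names and PIDs below are made up; adapt parse_line() to real telemetry.
"""
import re
from urllib.parse import urlsplit

# Indicators copied from the report above.
SAMPLE_SHA256 = "06868a3523fba77cf349c6d1043d64d67ad56d4afa85f229778b0a5aea30a5ea"
LUMMA_C2_URLS = [
    "https://robinsharez.shop/api",
    "https://handscreamny.shop/api",
    "https://chipdonkeruz.shop/api",
    "https://versersleep.shop/api",
    "https://crowdwarek.shop/api",
    "https://apporholis.shop/api",
    "https://femalsabler.shop/api",
    "https://soundtappysk.shop/api",
]
LANGUAGE_KEY = r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"


def c2_hosts(urls):
    """Reduce the C2 URLs to a set of lower-case hostnames for DNS/proxy matching."""
    return {urlsplit(u).hostname.lower() for u in urls}


def normalise_reg_path(path):
    """Map the kernel-style key path used in the report onto the HKLM\\... form most
    EDR and Sysmon feeds emit, and fold ControlSetNNN into CurrentControlSet so the
    alias a live system reports still matches."""
    p = path.upper()
    p = p.replace("\\REGISTRY\\MACHINE\\", "HKLM\\")
    p = p.replace("HKEY_LOCAL_MACHINE\\", "HKLM\\")
    p = re.sub(r"\\CONTROLSET\d{3}\\", r"\\CURRENTCONTROLSET\\", p)
    return p


def parse_line(line):
    """Parse a constructed 'key=value' log line (no spaces inside values) into a dict."""
    return dict(re.findall(r"(\w+)=(\S+)", line))


def hunt(lines, c2_urls=LUMMA_C2_URLS, sha256=SAMPLE_SHA256, key=LANGUAGE_KEY):
    """Return (pid, indicator_class, explanation) for every line matching an indicator."""
    hosts = c2_hosts(c2_urls)
    want_key = normalise_reg_path(key)
    hits = []
    for line in lines:
        ev = parse_line(line)
        pid = ev.get("pid")
        if ev.get("sha256", "").lower() == sha256:
            hits.append((pid, "hash", "image matches known Lumma sample " + sha256[:12]))
        query = ev.get("query", "").lower().rstrip(".")
        if query in hosts:
            hits.append((pid, "c2", "DNS lookup of Lumma C2 host " + query))
        reg_key = ev.get("key")
        if reg_key and normalise_reg_path(reg_key) == want_key:
            # T1614.001 System Language Discovery: low signal on its own.
            hits.append((pid, "T1614.001", "opened NLS\\Language (system language discovery)"))
    return hits


def triage(lines):
    """Group hits per PID; 'high' when more than one indicator class fired, else 'low'."""
    by_pid = {}
    for pid, kind, why in hunt(lines):
        by_pid.setdefault(pid, {})[kind] = why
    return {pid: ("high" if len(kinds) > 1 else "low") for pid, kinds in by_pid.items()}


# Constructed sample log: PID 3888 mirrors the report, PID 4120 is a benign process
# that merely reads the language key.
SAMPLE_LOG = [
    "2025-01-21T02:08:41Z host=WS01 event=ProcessCreate pid=3888 "
    "image=C:\\Users\\Admin\\AppData\\Local\\Temp\\" + SAMPLE_SHA256 + ".exe sha256=" + SAMPLE_SHA256,
    "2025-01-21T02:08:42Z host=WS01 event=RegOpenKey pid=3888 key=HKLM\\SYSTEM\\CurrentControlSet\\Control\\NLS\\Language",
    "2025-01-21T02:08:43Z host=WS01 event=DnsQuery pid=3888 query=robinsharez.shop type=A",
    "2025-01-21T02:08:43Z host=WS01 event=DnsQuery pid=3888 query=handscreamny.shop type=A",
    "2025-01-21T02:08:50Z host=WS01 event=RegOpenKey pid=4120 key=HKLM\\SYSTEM\\CurrentControlSet\\Control\\NLS\\Language",
    "2025-01-21T02:08:51Z host=WS01 event=DnsQuery pid=4120 query=login.microsoftonline.com type=A",
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(hit)
    print(triage(SAMPLE_LOG))
```

Running the script flags PID 3888 as high (hash, C2 and language-key classes all fire) and PID 4120 as low (language key only). Swap SAMPLE_LOG for your own DNS and registry telemetry and keep the C2 list current; Lumma operators rotate the .shop domains frequently, so the hostnames here date the report rather than define the family.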
Processes
-
C:\Users\Admin\AppData\Local\Temp\06868a3523fba77cf349c6d1043d64d67ad56d4afa85f229778b0a5aea30a5ea.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\06868a3523fba77cf349c6d1043d64d67ad56d4afa85f229778b0a5aea30a5ea.exe"
Depth: 1
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID: 3888