lumma | 0b3f24b3feeac3d9a82d19cae578695acbbf9b7f2635b75c08c9d0c01483df8e

Analysis

max time kernel
139s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 01:01

Target

0b3f24b3feeac3d9a82d19cae578695acbbf9b7f2635b75c08c9d0c01483df8e.exe
Size

5.3MB
MD5

34b7f00d12b3038498138e52e03cff3c
SHA1

3909faa970757f2653d170eb4b12b9888fc0c942
SHA256

0b3f24b3feeac3d9a82d19cae578695acbbf9b7f2635b75c08c9d0c01483df8e
SHA512

24f0cfdfae905757088f26117212492057b9527c7c9793cca71d8761fbf4221dfbac806ecd143b6b31443ffbde43b1e6c11654056ac8d79bf2d74e61381673b0
SSDEEP

49152:aa+WtZnm23Dkwlg4YzuCe4dreJfR1MLyHXMWM4/99ZDGhuWj45EB5yXmZwGT7tww:R3Y23Dk4wdmtXVDV3EHJwat

Score

10^/10

Family

lumma

https://accumulationeyerwos.shop/api

https://publicitycharetew.shop/api

https://computerexcudesp.shop/api

https://leafcalfconflcitw.shop/api

https://injurypiggyoewirog.shop/api

https://bargainnygroandjwk.shop/api

https://disappointcredisotw.shop/api

https://doughtdrillyksow.shop/api

https://facilitycoursedw.shop/api

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Suspicious use of SetThreadContext 1 IoCs

Processes:

0b3f24b3feeac3d9a82d19cae578695acbbf9b7f2635b75c08c9d0c01483df8e.exe

description pid process target process

PID 668 set thread context of 4168 668 0b3f24b3feeac3d9a82d19cae578695acbbf9b7f2635b75c08c9d0c01483df8e.exe BitLockerToGo.exe

description	pid	process	target process
PID 668 set thread context of 4168	668	0b3f24b3feeac3d9a82d19cae578695acbbf9b7f2635b75c08c9d0c01483df8e.exe	BitLockerToGo.exe

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

0b3f24b3feeac3d9a82d19cae578695acbbf9b7f2635b75c08c9d0c01483df8e.exe

description	pid	process	target process
PID 668 wrote to memory of 4168	668	0b3f24b3feeac3d9a82d19cae578695acbbf9b7f2635b75c08c9d0c01483df8e.exe	BitLockerToGo.exe
PID 668 wrote to memory of 4168	668	0b3f24b3feeac3d9a82d19cae578695acbbf9b7f2635b75c08c9d0c01483df8e.exe	BitLockerToGo.exe
PID 668 wrote to memory of 4168	668	0b3f24b3feeac3d9a82d19cae578695acbbf9b7f2635b75c08c9d0c01483df8e.exe	BitLockerToGo.exe
PID 668 wrote to memory of 4168	668	0b3f24b3feeac3d9a82d19cae578695acbbf9b7f2635b75c08c9d0c01483df8e.exe	BitLockerToGo.exe
PID 668 wrote to memory of 4168	668	0b3f24b3feeac3d9a82d19cae578695acbbf9b7f2635b75c08c9d0c01483df8e.exe	BitLockerToGo.exe

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
2⤵
PID:4168

memory/668-2-0x00007FF6F3A60000-0x00007FF6F4019000-memory.dmp

Filesize
5.7MB

Download
memory/668-6-0x00007FF6F3A60000-0x00007FF6F4019000-memory.dmp

Filesize
5.7MB

Download
memory/4168-5-0x00000000010F0000-0x0000000001146000-memory.dmp

Filesize
344KB

Download
memory/4168-8-0x00000000010F0000-0x0000000001146000-memory.dmp

Filesize
344KB

Download
memory/4168-9-0x00000000010F0000-0x0000000001146000-memory.dmp

Filesize
344KB

Download