lumma | 0d37e905b988a1a2853037b640323d691a39e7bcc68434b3cb43f42bcae1a9f4

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 02:14

Target

5de143343cc0a2b03f076de338308ac58eda529f6814a2e2266531d8ae09fbb0.exe
Size

524KB
MD5

864fb28b0001b98ddd896dbdc604db30
SHA1

2c7691795b4313704b79c3dfe70b956e84b45a11
SHA256

5de143343cc0a2b03f076de338308ac58eda529f6814a2e2266531d8ae09fbb0
SHA512

a7bec87ea630cbcfb28770bda372ebb7435f753caf6b8255c06d546f11a56c60018ad75f16938d50bb88749b2a2be970c9a9708455b65e5619dc4acae5be1317
SSDEEP

12288:cckdVi3+T/Tvm4YqTwEa+1mieYTAk+tvC4hV8vTuNnlv:ccoNT/laKmu6K5vTuNl

Score

10^/10

Family

lumma

https://backcreammykiel.shop/api

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Suspicious use of SetThreadContext 1 IoCs

Processes:

5de143343cc0a2b03f076de338308ac58eda529f6814a2e2266531d8ae09fbb0.exe

description pid process target process

PID 1012 set thread context of 336 1012 5de143343cc0a2b03f076de338308ac58eda529f6814a2e2266531d8ae09fbb0.exe RegAsm.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4824 1012 WerFault.exe 5de143343cc0a2b03f076de338308ac58eda529f6814a2e2266531d8ae09fbb0.exe

description	pid	process	target process
PID 1012 set thread context of 336	1012	5de143343cc0a2b03f076de338308ac58eda529f6814a2e2266531d8ae09fbb0.exe	RegAsm.exe

pid	pid_target	process	target process
4824	1012	WerFault.exe	5de143343cc0a2b03f076de338308ac58eda529f6814a2e2266531d8ae09fbb0.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

5de143343cc0a2b03f076de338308ac58eda529f6814a2e2266531d8ae09fbb0.exe

description	pid	process	target process
PID 1012 wrote to memory of 336	1012	5de143343cc0a2b03f076de338308ac58eda529f6814a2e2266531d8ae09fbb0.exe	RegAsm.exe
PID 1012 wrote to memory of 336	1012	5de143343cc0a2b03f076de338308ac58eda529f6814a2e2266531d8ae09fbb0.exe	RegAsm.exe
PID 1012 wrote to memory of 336	1012	5de143343cc0a2b03f076de338308ac58eda529f6814a2e2266531d8ae09fbb0.exe	RegAsm.exe
PID 1012 wrote to memory of 336	1012	5de143343cc0a2b03f076de338308ac58eda529f6814a2e2266531d8ae09fbb0.exe	RegAsm.exe
PID 1012 wrote to memory of 336	1012	5de143343cc0a2b03f076de338308ac58eda529f6814a2e2266531d8ae09fbb0.exe	RegAsm.exe
PID 1012 wrote to memory of 336	1012	5de143343cc0a2b03f076de338308ac58eda529f6814a2e2266531d8ae09fbb0.exe	RegAsm.exe
PID 1012 wrote to memory of 336	1012	5de143343cc0a2b03f076de338308ac58eda529f6814a2e2266531d8ae09fbb0.exe	RegAsm.exe
PID 1012 wrote to memory of 336	1012	5de143343cc0a2b03f076de338308ac58eda529f6814a2e2266531d8ae09fbb0.exe	RegAsm.exe
PID 1012 wrote to memory of 336	1012	5de143343cc0a2b03f076de338308ac58eda529f6814a2e2266531d8ae09fbb0.exe	RegAsm.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
2⤵
PID:336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 280
2⤵
- Program crash
PID:4824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1012 -ip 1012
1⤵
PID:2960

memory/336-0-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/336-3-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/336-4-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/1012-1-0x0000000000EB0000-0x0000000000EB1000-memory.dmp

Filesize
4KB

Download