General
-
Target
https://kmsofficial.org/
-
Sample
240625-jej5qawhqa
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://kmsofficial.org/
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
https://kmsofficial.org/
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
https://kmsofficial.org/
Resource
win11-20240508-en
Malware Config
Extracted
lumma
Targets
Target
https://kmsofficial.org/
Creates new service(s)
Event Triggered Execution: Image File Execution Options Injection
Modifies Windows Firewall
Sets service image path in registry
Executes dropped EXE
Loads dropped DLL
Drops file in System32 directory
Suspicious use of SetThreadContext
MITRE ATT&CK Matrix ATT&CK v13
Execution
System Services: 2
Service Execution: 2
Command and Scripting Interpreter: 1
Scheduled Task/Job: 1
Scheduled Task: 1
Persistence
Create or Modify System Process: 3
Windows Service: 3
Event Triggered Execution: 2
Netsh Helper DLL: 1
Image File Execution Options Injection: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Scheduled Task: 1
Privilege Escalation
Create or Modify System Process: 3
Windows Service: 3
Event Triggered Execution: 2
Netsh Helper DLL: 1
Image File Execution Options Injection: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Scheduled Task: 1