Overview

overview

10

Static

static

3

Ulpack.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    32s
  • max time network
    33s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-06-2024 22:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Ulpack.exe

  • Size

    10.7MB

  • MD5

    52b105f53cba19ed897bc7d08f2373c3

  • SHA1

    983a8f9b34441ed6e062842bab4b7137b29cc721

  • SHA256

    9fab6244c65eab9863d45c1908f8dc64116c5a18e7680b00e9b6646ec91b440f

  • SHA512

    786fa01b73163b6dad1cb3a14216c674fa47c40ec3dc2e464ca2a65f2e8b7423649032a508aba6b0b289080a6151e6846d02a04903a2a4586f22155f4104a789

  • SSDEEP

    98304:M/zCs0T3+6x1DkITYkn9dD11lXfceCEoZYVb0PJaxrIjioPT0:Syu6x1DkOYkn93Xp7lrJ

Score
10/10
lummastealer

Malware Config

Extracted

Family

lumma

C2

https://citizencenturygoodwk.shop/api

https://potterryisiw.shop/api

https://foodypannyjsud.shop/api

https://contintnetksows.shop/api

https://reinforcedirectorywd.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Ulpack.exe
    "C:\Users\Admin\AppData\Local\Temp\Ulpack.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2836
    • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
      C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
      2⤵
        PID:4608

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2836-2-0x00007FF6076A0000-0x00007FF6081BC000-memory.dmp
      Filesize

      11.1MB

      Download
    • memory/2836-6-0x00007FF6076A0000-0x00007FF6081BC000-memory.dmp
      Filesize

      11.1MB

      Download
    • memory/4608-5-0x0000000000590000-0x00000000005E6000-memory.dmp
      Filesize

      344KB

      Download
    • memory/4608-9-0x0000000000590000-0x00000000005E6000-memory.dmp
      Filesize

      344KB

      Download
    • memory/4608-8-0x0000000000590000-0x00000000005E6000-memory.dmp
      Filesize

      344KB

      Download
    • memory/4608-10-0x0000000000590000-0x00000000005E6000-memory.dmp
      Filesize

      344KB

      Download