Analysis
max time kernel: 131s
max time network: 102s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28-06-2024 16:16

Behavioral task: behavioral1
Sample: test.exe
Resource: win7-20231129-en
1 signature
150 seconds
General
Target: test.exe
Size: 24.4MB
MD5: 16b332205d167a6a6f76c5293aa8f201
SHA1: 40c0fba9107d270cf006f58f4fecc9742f806a2b
SHA256: edbfdd04d154060b82f386191ba772e0b9122e2f82a4e3c0e3ddf65fc7a8b55a
SHA512: ff18c351f1f86134f79a535eb5f6045c5dfdf3ab9e632d15a5266c86e25c0cd675a88f457a99f3ae6a92d0929d35f703a366b0d11fac1ffaa09e6f44f39e11f5
SSDEEP: 393216:Z8V2nhTIrvYzEWmn+FBhwFDbllTqkl6eFh3zZNgni9HkHxHLCA9arP1A0+3ERPWy:OV2h2QzE0FTIpt6eFl1NykmxeS3u
Malware Config
Extracted
Family: lumma
C2:
https://potterryisiw.shop/api
https://foodypannyjsud.shop/api
https://contintnetksows.shop/api
https://reinforcedirectorywd.shop/api
Signatures
Processes:
resource | yara_rule
behavioral2/memory/100-0-0x00007FF753000000-0x00007FF7570B2000-memory.dmp | upx
behavioral2/memory/100-3-0x00007FF753000000-0x00007FF7570B2000-memory.dmp | upx
behavioral2/memory/100-10-0x00007FF753000000-0x00007FF7570B2000-memory.dmp | upx

Suspicious use of SetThreadContext (1 IoC)
Processes:
description | pid | process | target process
PID 100 set thread context of 4052 | 100 | test.exe | BitLockerToGo.exe

Suspicious use of WriteProcessMemory (5 IoCs)
Processes:
description | pid | process | target process
PID 100 wrote to memory of 4052 | 100 | test.exe | BitLockerToGo.exe
PID 100 wrote to memory of 4052 | 100 | test.exe | BitLockerToGo.exe
PID 100 wrote to memory of 4052 | 100 | test.exe | BitLockerToGo.exe
PID 100 wrote to memory of 4052 | 100 | test.exe | BitLockerToGo.exe
PID 100 wrote to memory of 4052 | 100 | test.exe | BitLockerToGo.exe
Processes
C:\Users\Admin\AppData\Local\Temp\test.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\test.exe"
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
    command line: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Network
MITRE ATT&CK Matrix
Downloads
memory/100-0-0x00007FF753000000-0x00007FF7570B2000-memory.dmp (Filesize: 64.7MB)
memory/100-3-0x00007FF753000000-0x00007FF7570B2000-memory.dmp (Filesize: 64.7MB)
memory/100-10-0x00007FF753000000-0x00007FF7570B2000-memory.dmp (Filesize: 64.7MB)
memory/4052-6-0x0000000000810000-0x0000000000866000-memory.dmp (Filesize: 344KB)
memory/4052-8-0x0000000000810000-0x0000000000866000-memory.dmp (Filesize: 344KB)
memory/4052-9-0x0000000000810000-0x0000000000866000-memory.dmp (Filesize: 344KB)