lumma | 16fcbcc1418657e83e30f6c4d8e9c9925b11444feb8bbf6648eb4913cd03d60e

Analysis

max time kernel
143s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 17:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NewSetup.exe
Size

4.1MB
MD5

54b924d299ee549a0d7e8ee515a7acac
SHA1

4ac7584339fea57e62bbbd5f1d48a3307ef5760c
SHA256

16fcbcc1418657e83e30f6c4d8e9c9925b11444feb8bbf6648eb4913cd03d60e
SHA512

bc6c163c06ccef5efeb8299fe187ff2bac87664d293cf33e8c9ced5f54cfe33e088e8918b6ad49825cfc09cb8e6956341b454425b18b2b64e137c8534e6be310
SSDEEP

98304:yFYjfvTXyCfwakE4HCsdv9q5bFleVZm3U:yFYTLXyCfHkE4VvMD4VD

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

https://harmfullyelobardek.shop/api

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Suspicious use of SetThreadContext 1 IoCs

Processes:

NewSetup.exe

description pid process target process

PID 3372 set thread context of 3160 3372 NewSetup.exe NewSetup.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

NewSetup.exe

description pid process

Token: SeDebugPrivilege 3372 NewSetup.exe

description	pid	process	target process
PID 3372 set thread context of 3160	3372	NewSetup.exe	NewSetup.exe

description	pid	process
Token: SeDebugPrivilege	3372	NewSetup.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

NewSetup.exe

description	pid	process	target process
PID 3372 wrote to memory of 3160	3372	NewSetup.exe	NewSetup.exe
PID 3372 wrote to memory of 3160	3372	NewSetup.exe	NewSetup.exe
PID 3372 wrote to memory of 3160	3372	NewSetup.exe	NewSetup.exe
PID 3372 wrote to memory of 3160	3372	NewSetup.exe	NewSetup.exe
PID 3372 wrote to memory of 3160	3372	NewSetup.exe	NewSetup.exe
PID 3372 wrote to memory of 3160	3372	NewSetup.exe	NewSetup.exe
PID 3372 wrote to memory of 3160	3372	NewSetup.exe	NewSetup.exe
PID 3372 wrote to memory of 3160	3372	NewSetup.exe	NewSetup.exe
PID 3372 wrote to memory of 3160	3372	NewSetup.exe	NewSetup.exe

C:\Users\Admin\AppData\Local\Temp\NewSetup.exe
"C:\Users\Admin\AppData\Local\Temp\NewSetup.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3372

C:\Users\Admin\AppData\Local\Temp\NewSetup.exe
"C:\Users\Admin\AppData\Local\Temp\NewSetup.exe"
2⤵
PID:3160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3096 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
1⤵
PID:4020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3160-70-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3160-74-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3160-72-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3160-67-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3372-40-0x0000000005D70000-0x0000000005D85000-memory.dmp

Filesize
84KB

Download
memory/3372-68-0x00000000744E0000-0x0000000074C90000-memory.dmp

Filesize
7.7MB

Download
memory/3372-6-0x0000000005D70000-0x0000000005D8C000-memory.dmp

Filesize
112KB

Download
memory/3372-8-0x0000000005D70000-0x0000000005D85000-memory.dmp

Filesize
84KB

Download
memory/3372-12-0x0000000005D70000-0x0000000005D85000-memory.dmp

Filesize
84KB

Download
memory/3372-66-0x0000000005D70000-0x0000000005D85000-memory.dmp

Filesize
84KB

Download
memory/3372-0-0x00000000744EE000-0x00000000744EF000-memory.dmp

Filesize
4KB

Download
memory/3372-63-0x0000000005D70000-0x0000000005D85000-memory.dmp

Filesize
84KB

Download
memory/3372-60-0x0000000005D70000-0x0000000005D85000-memory.dmp

Filesize
84KB

Download
memory/3372-58-0x0000000005D70000-0x0000000005D85000-memory.dmp

Filesize
84KB

Download
memory/3372-56-0x0000000005D70000-0x0000000005D85000-memory.dmp

Filesize
84KB

Download
memory/3372-54-0x0000000005D70000-0x0000000005D85000-memory.dmp

Filesize
84KB

Download
memory/3372-52-0x0000000005D70000-0x0000000005D85000-memory.dmp

Filesize
84KB

Download
memory/3372-50-0x0000000005D70000-0x0000000005D85000-memory.dmp

Filesize
84KB

Download
memory/3372-48-0x0000000005D70000-0x0000000005D85000-memory.dmp

Filesize
84KB

Download
memory/3372-46-0x0000000005D70000-0x0000000005D85000-memory.dmp

Filesize
84KB

Download
memory/3372-45-0x0000000005D70000-0x0000000005D85000-memory.dmp

Filesize
84KB

Download
memory/3372-36-0x0000000005D70000-0x0000000005D85000-memory.dmp

Filesize
84KB

Download
memory/3372-65-0x0000000005D70000-0x0000000005D85000-memory.dmp

Filesize
84KB

Download
memory/3372-5-0x0000000006610000-0x0000000006BB4000-memory.dmp

Filesize
5.6MB

Download
memory/3372-42-0x0000000005D70000-0x0000000005D85000-memory.dmp

Filesize
84KB

Download
memory/3372-34-0x0000000005D70000-0x0000000005D85000-memory.dmp

Filesize
84KB

Download
memory/3372-32-0x0000000005D70000-0x0000000005D85000-memory.dmp

Filesize
84KB

Download
memory/3372-28-0x0000000005D70000-0x0000000005D85000-memory.dmp

Filesize
84KB

Download
memory/3372-26-0x0000000005D70000-0x0000000005D85000-memory.dmp

Filesize
84KB

Download
memory/3372-24-0x0000000005D70000-0x0000000005D85000-memory.dmp

Filesize
84KB

Download
memory/3372-22-0x0000000005D70000-0x0000000005D85000-memory.dmp

Filesize
84KB

Download
memory/3372-20-0x0000000005D70000-0x0000000005D85000-memory.dmp

Filesize
84KB

Download
memory/3372-18-0x0000000005D70000-0x0000000005D85000-memory.dmp

Filesize
84KB

Download
memory/3372-16-0x0000000005D70000-0x0000000005D85000-memory.dmp

Filesize
84KB

Download
memory/3372-14-0x0000000005D70000-0x0000000005D85000-memory.dmp

Filesize
84KB

Download
memory/3372-10-0x0000000005D70000-0x0000000005D85000-memory.dmp

Filesize
84KB

Download
memory/3372-30-0x0000000005D70000-0x0000000005D85000-memory.dmp

Filesize
84KB

Download
memory/3372-7-0x0000000005D70000-0x0000000005D85000-memory.dmp

Filesize
84KB

Download
memory/3372-38-0x0000000005D70000-0x0000000005D85000-memory.dmp

Filesize
84KB

Download
memory/3372-4-0x0000000005EB0000-0x0000000006030000-memory.dmp

Filesize
1.5MB

Download
memory/3372-3-0x00000000744E0000-0x0000000074C90000-memory.dmp

Filesize
7.7MB

Download
memory/3372-2-0x0000000005E00000-0x0000000005E9C000-memory.dmp

Filesize
624KB

Download
memory/3372-73-0x00000000744E0000-0x0000000074C90000-memory.dmp

Filesize
7.7MB

Download
memory/3372-1-0x0000000000F70000-0x000000000138A000-memory.dmp

Filesize
4.1MB

Download