Analysis
max time kernel: 6s
max time network: 7s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28-06-2024 19:55
Static task: static1 (1 signature)
General
Target: github.software.1.2.5.exe
Size: 521KB
MD5: 3395544e3a6d54c372f0f0121f7f47db
SHA1: 1d7c3f910abd7f7e0f0c2f8826f36d6ab90bf6d3
SHA256: c52a78552d29308b8fedb868e09be677aaacf9a6395349b30e3150f817d6d190
SHA512: 0157c319875b7f9ca4ca8ca0c0f5474f1aead7d0ba06c333ba628064a8559c9feecd3531d52db6f82c6422a50bd4cd43959ec10d8d647ae0049f6942f36d3127
SSDEEP: 12288:s3gVK31bhVXlO1sORicGc2spnLtu0pGQ7G:sw0lbDla/Rb2shLtuYGE
Malware Config (extracted)
Family: lumma
C2:
  https://piedsiggnycliquieaw.shop/api
  https://potterryisiw.shop/api
  https://foodypannyjsud.shop/api
  https://contintnetksows.shop/api
  https://reinforcedirectorywd.shop/api
Signatures

Suspicious use of SetThreadContext (1 IoC)
Processes:
  description                          pid   process                    target process
  PID 3448 set thread context of 2180  3448  github.software.1.2.5.exe  RegAsm.exe

Program crash (1 IoC)
Processes:
  pid   pid_target  process       target process
  4128  3448        WerFault.exe  github.software.1.2.5.exe

Suspicious use of WriteProcessMemory (9 IoCs)
Processes:
  description                       pid   process                    target process
  PID 3448 wrote to memory of 2180  3448  github.software.1.2.5.exe  RegAsm.exe
  (this identical entry is recorded 9 times in the report)
Processes

1. C:\Users\Admin\AppData\Local\Temp\github.software.1.2.5.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\github.software.1.2.5.exe"
   signatures: Suspicious use of SetThreadContext; Suspicious use of WriteProcessMemory
   2. C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
   2. C:\Windows\SysWOW64\WerFault.exe
      command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 320
      signatures: Program crash
1. C:\Windows\SysWOW64\WerFault.exe
   command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3448 -ip 3448
Network
MITRE ATT&CK Matrix
Downloads
  memory/2180-1-0x0000000000400000-0x0000000000458000-memory.dmp  Filesize: 352KB
  memory/2180-3-0x0000000000400000-0x0000000000458000-memory.dmp  Filesize: 352KB
  memory/2180-4-0x0000000000400000-0x0000000000458000-memory.dmp  Filesize: 352KB
  memory/3448-0-0x0000000000520000-0x0000000000521000-memory.dmp  Filesize: 4KB