Analysis
-
max time kernel
6s -
max time network
7s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
28-06-2024 19:55
General
-
Target
github.software.1.2.5.exe
-
Size
521KB
-
MD5
3395544e3a6d54c372f0f0121f7f47db
-
SHA1
1d7c3f910abd7f7e0f0c2f8826f36d6ab90bf6d3
-
SHA256
c52a78552d29308b8fedb868e09be677aaacf9a6395349b30e3150f817d6d190
-
SHA512
0157c319875b7f9ca4ca8ca0c0f5474f1aead7d0ba06c333ba628064a8559c9feecd3531d52db6f82c6422a50bd4cd43959ec10d8d647ae0049f6942f36d3127
-
SSDEEP
12288:s3gVK31bhVXlO1sORicGc2spnLtu0pGQ7G:sw0lbDla/Rb2shLtuYGE
Score
10/10
Malware Config
Extracted
Family
lumma
C2
https://piedsiggnycliquieaw.shop/api
https://potterryisiw.shop/api
https://foodypannyjsud.shop/api
https://contintnetksows.shop/api
https://reinforcedirectorywd.shop/api
Signatures
-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Suspicious use of SetThreadContext 1 IoCs
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\github.software.1.2.5.exe"C:\Users\Admin\AppData\Local\Temp\github.software.1.2.5.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 3202⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3448 -ip 34481⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2180-1-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2180-3-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2180-4-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/3448-0-0x0000000000520000-0x0000000000521000-memory.dmpFilesize
4KB