Overview

overview

10

Static

static

7

edbfdd04d1...5a.exe

windows7-x64

7

edbfdd04d1...5a.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-06-2024 01:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    edbfdd04d154060b82f386191ba772e0b9122e2f82a4e3c0e3ddf65fc7a8b55a.exe

  • Size

    24.4MB

  • MD5

    16b332205d167a6a6f76c5293aa8f201

  • SHA1

    40c0fba9107d270cf006f58f4fecc9742f806a2b

  • SHA256

    edbfdd04d154060b82f386191ba772e0b9122e2f82a4e3c0e3ddf65fc7a8b55a

  • SHA512

    ff18c351f1f86134f79a535eb5f6045c5dfdf3ab9e632d15a5266c86e25c0cd675a88f457a99f3ae6a92d0929d35f703a366b0d11fac1ffaa09e6f44f39e11f5

  • SSDEEP

    393216:Z8V2nhTIrvYzEWmn+FBhwFDbllTqkl6eFh3zZNgni9HkHxHLCA9arP1A0+3ERPWy:OV2h2QzE0FTIpt6eFl1NykmxeS3u

Score
10/10
lummastealerupx

Malware Config

Extracted

Family

lumma

C2

https://potterryisiw.shop/api

https://foodypannyjsud.shop/api

https://contintnetksows.shop/api

https://reinforcedirectorywd.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\edbfdd04d154060b82f386191ba772e0b9122e2f82a4e3c0e3ddf65fc7a8b55a.exe
    "C:\Users\Admin\AppData\Local\Temp\edbfdd04d154060b82f386191ba772e0b9122e2f82a4e3c0e3ddf65fc7a8b55a.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4804
    • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
      C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
      2⤵
        PID:3100

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3100-6-0x0000000000A60000-0x0000000000AB6000-memory.dmp
      Filesize

      344KB

      Download
    • memory/3100-8-0x0000000000A60000-0x0000000000AB6000-memory.dmp
      Filesize

      344KB

      Download
    • memory/3100-9-0x0000000000A60000-0x0000000000AB6000-memory.dmp
      Filesize

      344KB

      Download
    • memory/3100-11-0x0000000000A60000-0x0000000000AB6000-memory.dmp
      Filesize

      344KB

      Download
    • memory/4804-0-0x00007FF7EFA00000-0x00007FF7F3AB2000-memory.dmp
      Filesize

      64.7MB

      Download
    • memory/4804-3-0x00007FF7EFA00000-0x00007FF7F3AB2000-memory.dmp
      Filesize

      64.7MB

      Download
    • memory/4804-10-0x00007FF7EFA00000-0x00007FF7F3AB2000-memory.dmp
      Filesize

      64.7MB

      Download