Analysis
- max time kernel: 149s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30-06-2024 02:05

Static task: static1 (1 signature)

Behavioral task: behavioral1
- Sample: 52b105f53cba19ed897bc7d08f2373c3.exe
- Resource: win7-20231129-en
- 0 signatures
- 150 seconds
General
- Target: 52b105f53cba19ed897bc7d08f2373c3.exe
- Size: 10.7MB
- MD5: 52b105f53cba19ed897bc7d08f2373c3
- SHA1: 983a8f9b34441ed6e062842bab4b7137b29cc721
- SHA256: 9fab6244c65eab9863d45c1908f8dc64116c5a18e7680b00e9b6646ec91b440f
- SHA512: 786fa01b73163b6dad1cb3a14216c674fa47c40ec3dc2e464ca2a65f2e8b7423649032a508aba6b0b289080a6151e6846d02a04903a2a4586f22155f4104a789
- SSDEEP: 98304:M/zCs0T3+6x1DkITYkn9dD11lXfceCEoZYVb0PJaxrIjioPT0:Syu6x1DkOYkn93Xp7lrJ
Malware Config
Extracted
- Family: lumma
- C2:
  - https://citizencenturygoodwk.shop/api
  - https://potterryisiw.shop/api
  - https://foodypannyjsud.shop/api
  - https://contintnetksows.shop/api
  - https://reinforcedirectorywd.shop/api
Signatures
- Suspicious use of SetThreadContext (1 IoC)
  Processes:
  description | pid | process | target process
  PID 1920 set thread context of 1944 | 1920 | 52b105f53cba19ed897bc7d08f2373c3.exe | BitLockerToGo.exe
- Suspicious use of WriteProcessMemory (5 IoCs)
  Processes:
  description | pid | process | target process
  PID 1920 wrote to memory of 1944 | 1920 | 52b105f53cba19ed897bc7d08f2373c3.exe | BitLockerToGo.exe
  PID 1920 wrote to memory of 1944 | 1920 | 52b105f53cba19ed897bc7d08f2373c3.exe | BitLockerToGo.exe
  PID 1920 wrote to memory of 1944 | 1920 | 52b105f53cba19ed897bc7d08f2373c3.exe | BitLockerToGo.exe
  PID 1920 wrote to memory of 1944 | 1920 | 52b105f53cba19ed897bc7d08f2373c3.exe | BitLockerToGo.exe
  PID 1920 wrote to memory of 1944 | 1920 | 52b105f53cba19ed897bc7d08f2373c3.exe | BitLockerToGo.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\52b105f53cba19ed897bc7d08f2373c3.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\52b105f53cba19ed897bc7d08f2373c3.exe"
   - Suspicious use of SetThreadContext
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe (child of PID 1920)
      Command line: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Network
MITRE ATT&CK Matrix
Downloads
- memory/1920-2-0x00007FF710160000-0x00007FF710C7C000-memory.dmp (Filesize: 11.1MB)
- memory/1920-8-0x00007FF710160000-0x00007FF710C7C000-memory.dmp (Filesize: 11.1MB)
- memory/1944-5-0x0000000001040000-0x0000000001096000-memory.dmp (Filesize: 344KB)
- memory/1944-7-0x0000000001040000-0x0000000001096000-memory.dmp (Filesize: 344KB)
- memory/1944-9-0x0000000001040000-0x0000000001096000-memory.dmp (Filesize: 344KB)