Analysis
-
max time kernel
196s -
max time network
262s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
-
submitted
01-07-2024 13:20
General
-
Target
maizu hack v1.4/maizu hack v1.4.exe
-
Size
507KB
-
MD5
5241cbe1ca5ad91d9701dcd3e86d0be4
-
SHA1
42e2343018e6f26747f21310e1498a0b7558cee7
-
SHA256
18b8ddccfd60b09d5e7148f3a5ce61c61d37da4de9e4206ad28155ad92d70a5d
-
SHA512
208b7e3efce893a7a766d03f5185f065e0067b100ec5917fe9a3030906ce0740669d95ad2a128cdecf7cd70051cd04e1befa1fec5ce855a6a016016ae25950e1
-
SSDEEP
12288:1+0NNkaifVNXUYLnft4Com2511gYTqKoGlGnzc:17yaCTXU+t4CoP5FTxoG
Score
10/10
Malware Config
Extracted
Family
lumma
C2
https://piedsiggnycliquieaw.shop/api
https://potterryisiw.shop/api
https://foodypannyjsud.shop/api
https://contintnetksows.shop/api
https://reinforcedirectorywd.shop/api
Signatures
-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Suspicious use of SetThreadContext 1 IoCs
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\maizu hack v1.4\maizu hack v1.4.exe"C:\Users\Admin\AppData\Local\Temp\maizu hack v1.4\maizu hack v1.4.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 3402⤵
- Program crash
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/96-0-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/96-3-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/96-4-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/4684-1-0x0000000000550000-0x0000000000551000-memory.dmpFilesize
4KB