Analysis
max time kernel: 123s
max time network: 127s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01-07-2024 15:11

Static task: static1 (1 signatures)
Behavioral task: behavioral1
  Sample: SapphireX.exe
  Resource: win7-20240419-en
  0 signatures
  150 seconds
General
Target: SapphireX.exe
Size: 97.4MB
MD5: 2fd6ab9ede29579295b396a7d9c8e935
SHA1: 9a8207071c65e19c360f2d574c7205aa710582be
SHA256: 0fef0b66199dc27ed7691e63852b9c19b9f2a1a19d16811e08a834013b038576
SHA512: e64b442f021a17d4b9cda50c99cec33594d42e496f4afd6ce48d91c3d1d664fa5082598f04cf9f1186a2d03d3d2361666e4c0f12500cdbefecaebbc48255146d
SSDEEP: 393216:TMgE1A1/9F6DncvuyJAlgoy7AacE7+fa:TXE1AB9MncvuzEMS
Malware Config
Extracted
Family: lumma
C2:
  https://citizencenturygoodwk.shop/api
  https://potterryisiw.shop/api
  https://foodypannyjsud.shop/api
  https://contintnetksows.shop/api
  https://reinforcedirectorywd.shop/api
Signatures

Suspicious use of SetThreadContext (1 IoCs)
Processes: SapphireX.exe
description                              pid   process        target process
PID 1348 set thread context of 4520      1348  SapphireX.exe  BitLockerToGo.exe

Suspicious use of WriteProcessMemory (5 IoCs)
Processes: SapphireX.exe
description                              pid   process        target process
PID 1348 wrote to memory of 4520         1348  SapphireX.exe  BitLockerToGo.exe
PID 1348 wrote to memory of 4520         1348  SapphireX.exe  BitLockerToGo.exe
PID 1348 wrote to memory of 4520         1348  SapphireX.exe  BitLockerToGo.exe
PID 1348 wrote to memory of 4520         1348  SapphireX.exe  BitLockerToGo.exe
PID 1348 wrote to memory of 4520         1348  SapphireX.exe  BitLockerToGo.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\SapphireX.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\SapphireX.exe"
  Suspicious use of SetThreadContext
  Suspicious use of WriteProcessMemory
  - C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe (child of SapphireX.exe)
    Command line: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3148,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=4412 /prefetch:8
Network
MITRE ATT&CK Matrix
Downloads
memory/1348-4-0x00007FF646390000-0x00007FF6489AC000-memory.dmp (Filesize 38.1MB)
memory/1348-6-0x00007FF646390000-0x00007FF6489AC000-memory.dmp (Filesize 38.1MB)
memory/4520-5-0x0000000001010000-0x0000000001069000-memory.dmp (Filesize 356KB)
memory/4520-8-0x0000000001010000-0x0000000001069000-memory.dmp (Filesize 356KB)
memory/4520-9-0x0000000001010000-0x0000000001069000-memory.dmp (Filesize 356KB)