Analysis
max time kernel: 132s
max time network: 128s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02-07-2024 11:36
Static task: static1
Behavioral tasks (all on sample Setup.exe):
behavioral1: win7-20240508-en
behavioral2: win10-20240404-en
behavioral3: win10v2004-20240611-en (the run reported below)
behavioral4: win11-20240611-en
behavioral5: macos-20240611-en
behavioral6: debian12-armhf-20240418-en
behavioral7: debian12-mipsel-20240221-en
General
Target: Setup.exe
Size: 11.2MB
MD5: 8cc723573ea25e383dde086292cea276
SHA1: 256f4ff972f9851859471f0b9bcf3ef716bea7f0
SHA256: 7f73c93a769b51b149066e92ba8d518712c6c78ec1a8984aba156b757d13fcd8
SHA512: 19e4d06fa0d476e09e47173ebd08001bcf862b992b147de0b9c4db8f2508036e7adc19ee04ccd46bf6fbbc8077e4d57ee947e811685cf792c1373176f6fd0ac6
SSDEEP: 98304:l2TeFKyXsfAtYOMxy3J060mU/ja+X4JEXXav6Fc01:syFOfwYOMxy5F0mULa+X4KXh
Malware Config
Extracted family: lumma
C2:
https://arritswpoewroso.shop/api
https://potterryisiw.shop/api
https://foodypannyjsud.shop/api
https://contintnetksows.shop/api
https://reinforcedirectorywd.shop/api
Signatures
Suspicious use of SetThreadContext (1 IoC)
Processes:
description | pid | process | target process
PID 4724 set thread context of 4600 | 4724 | Setup.exe | BitLockerToGo.exe

Suspicious use of WriteProcessMemory (5 IoCs)
Processes:
description | pid | process | target process
PID 4724 wrote to memory of 4600 | 4724 | Setup.exe | BitLockerToGo.exe
PID 4724 wrote to memory of 4600 | 4724 | Setup.exe | BitLockerToGo.exe
PID 4724 wrote to memory of 4600 | 4724 | Setup.exe | BitLockerToGo.exe
PID 4724 wrote to memory of 4600 | 4724 | Setup.exe | BitLockerToGo.exe
PID 4724 wrote to memory of 4600 | 4724 | Setup.exe | BitLockerToGo.exe

Read together, the two signatures describe one injection chain: Setup.exe (pid 4724) launches the signed Windows binary BitLockerToGo.exe (pid 4600) as its child, writes into it five times, then resets the child's thread context, which is the sequence of a process-hollowing loader. The 360KB region of pid 4600 at 0x01290000-0x012EA000 that the sandbox dumped (see the memory dumps under Downloads) is consistent with the written-in payload. BitLockerToGo.exe has no business being spawned by an executable in a user's Temp directory, so the parent/child pair alone is a usable hunting pivot even before the API calls are considered.
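The correlation a detection engineer would build from the two signature tables, as an added example that is not part of the sandbox report or its own detection logic: group cross-process WriteProcessMemory and SetThreadContext events by (source pid, target pid) and flag pairs where writes precede the context reset. The pipe-separated event format, the sample rows (modelled on the report's pid 4724 -> pid 4600 rows plus decoys that must not fire) and the `HOLLOWING_HOSTS` watchlist are assumptions for the example; real telemetry such as Sysmon Event ID 8/10 would need its own parser in place of `parse_events()`.

```python
"""Correlate cross-process memory writes with a later SetThreadContext on the
same (source, target) pair: the hollowing pattern this report shows for
Setup.exe (pid 4724) -> BitLockerToGo.exe (pid 4600).

Added example, not the sandbox's own detection. The event line format is an
assumption that mirrors the report's signature rows.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed events modelled on the report's rows: five writes, one context
# reset, plus two decoy rows (a write with no context reset, and a context
# reset with no prior write) that must NOT be flagged.
SAMPLE_EVENTS = """\
PID 4724 wrote to memory of 4600 | 4724 | Setup.exe | BitLockerToGo.exe
PID 4724 wrote to memory of 4600 | 4724 | Setup.exe | BitLockerToGo.exe
PID 4724 wrote to memory of 4600 | 4724 | Setup.exe | BitLockerToGo.exe
PID 4724 wrote to memory of 4600 | 4724 | Setup.exe | BitLockerToGo.exe
PID 4724 wrote to memory of 4600 | 4724 | Setup.exe | BitLockerToGo.exe
PID 4724 set thread context of 4600 | 4724 | Setup.exe | BitLockerToGo.exe
PID 1200 wrote to memory of 1300 | 1200 | explorer.exe | msedge.exe
PID 2000 set thread context of 2001 | 2000 | devenv.exe | app.exe
"""

EVENT_RE = re.compile(
    r"^PID (\d+) (wrote to memory of|set thread context of) (\d+) \| \d+ \| (\S+) \| (\S+)$"
)

# Illustrative watchlist of signed Windows binaries used as hollowing hosts,
# seeded from the one host this report shows (assumption, not a vendor list).
HOLLOWING_HOSTS = {"bitlockertogo.exe"}


@dataclass
class PairState:
    src_image: str
    dst_image: str
    writes: int = 0
    first_write: Optional[int] = None   # index of first WriteProcessMemory
    ctx_set: Optional[int] = None       # index of SetThreadContext


def parse_events(text: str) -> List[Tuple[int, str, int, str, str]]:
    """Return (src_pid, action, dst_pid, src_image, dst_image) per matching line."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            src, action, dst, src_img, dst_img = m.groups()
            events.append((int(src), action, int(dst), src_img, dst_img))
    return events


def find_hollowing(events, hosts=HOLLOWING_HOSTS) -> List[dict]:
    """Flag (src, dst) pairs with >=1 cross-process write followed by SetThreadContext."""
    pairs: Dict[Tuple[int, int], PairState] = {}
    for idx, (src, action, dst, src_img, dst_img) in enumerate(events):
        if src == dst:
            continue                      # writes into one's own process are not injection
        st = pairs.setdefault((src, dst), PairState(src_img, dst_img))
        if action == "wrote to memory of":
            st.writes += 1
            if st.first_write is None:
                st.first_write = idx
        else:
            st.ctx_set = idx

    hits = []
    for (src, dst), st in pairs.items():
        # Both primitives are required, and the writes must come before the
        # context reset: a debugger can set context without having written.
        if st.writes == 0 or st.ctx_set is None or st.first_write > st.ctx_set:
            continue
        hits.append({
            "source_pid": src, "source_image": st.src_image,
            "target_pid": dst, "target_image": st.dst_image,
            "writes": st.writes,
            "severity": "high" if st.dst_image.lower() in hosts else "medium",
        })
    return hits


if __name__ == "__main__":
    for hit in find_hollowing(parse_events(SAMPLE_EVENTS)):
        print(hit)
```

On the sample rows only the 4724 -> 4600 pair survives: the explorer.exe write has no matching context reset and the devenv.exe context reset has no prior write, which is the kind of noise a debugger or browser produces.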
Processes
1. C:\Users\Admin\AppData\Local\Temp\Setup.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
   - Suspicious use of SetThreadContext
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe (child of Setup.exe)
      command line: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
1. C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (separate top-level process, not spawned by the sample)
   command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4304,i,6041070687820623968,3004230300437737550,262144 --variations-seed-version --mojo-platform-channel-handle=1328 /prefetch:8
Network
MITRE ATT&CK Matrix
Downloads
memory/4600-5-0x0000000001290000-0x00000000012EA000-memory.dmp (Filesize 360KB)
memory/4600-8-0x0000000001290000-0x00000000012EA000-memory.dmp (Filesize 360KB)
memory/4600-9-0x0000000001290000-0x00000000012EA000-memory.dmp (Filesize 360KB)
memory/4600-10-0x0000000001290000-0x00000000012EA000-memory.dmp (Filesize 360KB)
memory/4724-2-0x00007FF7BDB90000-0x00007FF7BE71D000-memory.dmp (Filesize 11.6MB)
memory/4724-6-0x00007FF7BDB90000-0x00007FF7BE71D000-memory.dmp (Filesize 11.6MB)
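The first thing to do with the pid 4600 dumps above is to check whether the C2 list under Malware Config can be recovered from them directly. The following is an added example, not the sandbox's config extractor: it scans a dump buffer for URLs in both ASCII and UTF-16LE (Windows wide strings), at both byte alignments, and then keeps only URLs shaped like this sample's config (`https://<host>.shop/api`). It assumes the C2 strings sit in plaintext in the dumped region, which the page does not state; the `DUMP` bytes are constructed for the example, and the `.shop/api` filter is specific to this sample's config rather than a general Lumma signature.

```python
"""Scan a process memory dump (e.g. memory/4600-5-0x...-memory.dmp) for C2 URLs.

Added example, not the sandbox's extractor. Assumes the C2 list is present as
plain ASCII or UTF-16LE strings in the dumped region. DUMP is constructed.
"""
import re
from typing import List
from urllib.parse import urlparse

URL_BYTES_RE = re.compile(rb"https?://[a-z0-9.-]+\.[a-z]{2,}(?:/[\w./-]*)?", re.IGNORECASE)
URL_TEXT_RE = re.compile(URL_BYTES_RE.pattern.decode(), re.IGNORECASE)


def ascii_urls(buf: bytes) -> List[str]:
    """URLs stored as narrow (ASCII) strings."""
    return [m.group().decode("ascii") for m in URL_BYTES_RE.finditer(buf)]


def utf16_urls(buf: bytes) -> List[str]:
    """URLs stored as UTF-16LE wide strings; try both byte alignments because a
    wide string can start at an odd offset within the dump."""
    found = []
    for offset in (0, 1):
        text = buf[offset:].decode("utf-16-le", errors="ignore")
        found.extend(m.group() for m in URL_TEXT_RE.finditer(text))
    return found


def extract_urls(buf: bytes) -> List[str]:
    """All distinct URL candidates, ASCII first then wide, in order of discovery."""
    seen: List[str] = []
    for url in ascii_urls(buf) + utf16_urls(buf):
        if url not in seen:
            seen.append(url)
    return seen


def sample_c2_shape(urls: List[str]) -> List[str]:
    """Keep URLs shaped like this report's extracted config: https://<host>.shop/api.
    This filter is specific to the sample on this page (assumption), not a general rule."""
    keep = []
    for url in urls:
        p = urlparse(url)
        if p.scheme == "https" and p.hostname and p.hostname.endswith(".shop") and p.path == "/api":
            keep.append(url)
    return keep


def defang(url: str) -> str:
    """Render a URL so it cannot be clicked or auto-linked in a report."""
    return url.replace("http", "hxxp").replace(".", "[.]")


# Constructed dump fragment: one ASCII C2, one UTF-16LE C2 at an odd offset,
# a decoy URL that must be rejected by the shape filter, and one UTF-16LE C2
# at an even offset. Not bytes from the real dump.
DUMP = (
    b"\x00" * 8
    + b"https://arritswpoewroso.shop/api\x00"                              # ASCII, NUL-terminated
    + b"\xde\xad\xbe\xef"
    + "https://potterryisiw.shop/api".encode("utf-16-le") + b"\x00\x00"    # wide, odd offset
    + b"Referer: https://example.com/ok\r\n"                               # decoy, wrong shape
    + b"\xff" * 6
    + "https://foodypannyjsud.shop/api".encode("utf-16-le") + b"\x00\x00"  # wide, even offset
)


if __name__ == "__main__":
    for url in sample_c2_shape(extract_urls(DUMP)):
        print(defang(url))
```

On a real dump, run `extract_urls()` over the whole file and only then narrow with `sample_c2_shape()`; the unfiltered list is worth keeping because a second-stage URL would not necessarily share the `/api` shape.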