ScreenShot
| Created | 2023.11.15 07:50 | Machine | s1_win7_x6401 |
| Filename | 217.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | a5e011229a460fe28b1d5de73ca405d6 | ||
| sha256 | 5911b3af7d48ce74fc6644064f176990a34230786598cfd97b90cf5208be7f5d | ||
| ssdeep | 12288:gAr1pRE1bJay6OXZ6/gew5JBW2YItxdn:gAr67ayHc0Htx | ||
| imphash | 1363911023188fdcc22c09b870728434 | ||
| impfuzzy | 48:UJQCtmx3r1LhgUrV4rIh2O6r2gly4rzF5bxtehOh+1O6:+QCtmd1LmUrKrIh2O6rx9GAh+1F | ||
Network IP location
Signature (16cnts)
| Level | Description |
|---|---|
| watch | Appends a known CryptoMix ransomware file extension to files that have been encrypted |
| watch | Attempts to access Bitcoin/ALTCoin wallets |
| watch | Collects information about installed applications |
| watch | Detects Virtual Machines through their custom firmware |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | One or more potentially interesting buffers were extracted |
| notice | Performs some HTTP requests |
| notice | Queries for potentially installed applications |
| notice | Resolves a suspicious Top Level Domain (TLD) |
| notice | Searches running processes potentially to identify processes for sandbox evasion |
| notice | Sends data using the HTTP POST Method |
| notice | Steals private information from local Internet browsers |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
| info | Queries for the computername |
| info | Tries to locate where the browsers are installed |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Suricata ids
ET DNS Query to a *.pw domain - Likely Hostile
ET INFO HTTP Request to a *.pw domain
ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration
ET MALWARE [ANY.RUN] Win32/Lumma Stealer Check-In
ET INFO HTTP Request to a *.pw domain
ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration
ET MALWARE [ANY.RUN] Win32/Lumma Stealer Check-In
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x47ae18 CloseHandle
0x47ae1c CompareStringW
0x47ae20 CreateDirectoryW
0x47ae24 CreateFileA
0x47ae28 CreateFileW
0x47ae2c CreateProcessW
0x47ae30 CreateToolhelp32Snapshot
0x47ae34 DecodePointer
0x47ae38 DeleteCriticalSection
0x47ae3c EncodePointer
0x47ae40 EnterCriticalSection
0x47ae44 ExitProcess
0x47ae48 ExpandEnvironmentStringsW
0x47ae4c FindClose
0x47ae50 FindFirstFileExW
0x47ae54 FindNextFileW
0x47ae58 FlushFileBuffers
0x47ae5c FreeEnvironmentStringsW
0x47ae60 FreeLibrary
0x47ae64 GetACP
0x47ae68 GetCPInfo
0x47ae6c GetCommandLineA
0x47ae70 GetCommandLineW
0x47ae74 GetComputerNameExA
0x47ae78 GetComputerNameW
0x47ae7c GetConsoleMode
0x47ae80 GetConsoleOutputCP
0x47ae84 GetCurrentProcess
0x47ae88 GetCurrentProcessId
0x47ae8c GetCurrentThreadId
0x47ae90 GetDriveTypeW
0x47ae94 GetEnvironmentStringsW
0x47ae98 GetFileSizeEx
0x47ae9c GetFileType
0x47aea0 GetLastError
0x47aea4 GetLogicalDrives
0x47aea8 GetModuleFileNameA
0x47aeac GetModuleFileNameW
0x47aeb0 GetModuleHandleA
0x47aeb4 GetModuleHandleExW
0x47aeb8 GetModuleHandleW
0x47aebc GetOEMCP
0x47aec0 GetProcAddress
0x47aec4 GetProcessHeap
0x47aec8 GetStartupInfoW
0x47aecc GetStdHandle
0x47aed0 GetStringTypeW
0x47aed4 GetSystemDefaultLangID
0x47aed8 GetSystemDefaultUILanguage
0x47aedc GetSystemTimeAsFileTime
0x47aee0 GetTimeZoneInformation
0x47aee4 GetUserDefaultLangID
0x47aee8 GetUserDefaultUILanguage
0x47aeec GetVolumeInformationW
0x47aef0 HeapAlloc
0x47aef4 HeapFree
0x47aef8 HeapReAlloc
0x47aefc HeapSize
0x47af00 InitializeCriticalSectionAndSpinCount
0x47af04 InitializeSListHead
0x47af08 IsDebuggerPresent
0x47af0c IsProcessorFeaturePresent
0x47af10 IsValidCodePage
0x47af14 LCMapStringW
0x47af18 LeaveCriticalSection
0x47af1c LoadLibraryA
0x47af20 LoadLibraryExW
0x47af24 LoadLibraryW
0x47af28 MultiByteToWideChar
0x47af2c Process32FirstW
0x47af30 Process32NextW
0x47af34 QueryPerformanceCounter
0x47af38 RaiseException
0x47af3c ReadConsoleW
0x47af40 ReadFile
0x47af44 RtlUnwind
0x47af48 SetEndOfFile
0x47af4c SetEnvironmentVariableW
0x47af50 SetFilePointerEx
0x47af54 SetFileTime
0x47af58 SetLastError
0x47af5c SetStdHandle
0x47af60 SetUnhandledExceptionFilter
0x47af64 SystemTimeToFileTime
0x47af68 TerminateProcess
0x47af6c TlsAlloc
0x47af70 TlsFree
0x47af74 TlsGetValue
0x47af78 TlsSetValue
0x47af7c TzSpecificLocalTimeToSystemTime
0x47af80 UnhandledExceptionFilter
0x47af84 WideCharToMultiByte
0x47af88 WinExec
0x47af8c WriteConsoleW
0x47af90 WriteFile
0x47af94 lstrcatW
0x47af98 lstrcmpW
0x47af9c lstrcmpiW
0x47afa0 lstrlenW
USER32.dll
0x47afa8 EnumDisplayDevicesA
0x47afac GetDC
0x47afb0 GetDesktopWindow
0x47afb4 GetSystemMetrics
0x47afb8 ReleaseDC
0x47afbc SystemParametersInfoW
0x47afc0 wsprintfW
ADVAPI32.dll
0x47afc8 GetCurrentHwProfileW
0x47afcc RegCloseKey
0x47afd0 RegEnumKeyExW
0x47afd4 RegOpenKeyExW
0x47afd8 RegQueryValueExW
GDI32.dll
0x47afe0 BitBlt
0x47afe4 CreateCompatibleBitmap
0x47afe8 CreateCompatibleDC
0x47afec CreateDCW
0x47aff0 DeleteDC
0x47aff4 DeleteObject
0x47aff8 GetDIBits
0x47affc GetObjectW
0x47b000 SelectObject
SHLWAPI.dll
0x47b008 PathFileExistsW
WINHTTP.dll
0x47b010 WinHttpCloseHandle
0x47b014 WinHttpConnect
0x47b018 WinHttpCrackUrl
0x47b01c WinHttpOpen
0x47b020 WinHttpOpenRequest
0x47b024 WinHttpQueryDataAvailable
0x47b028 WinHttpReadData
0x47b02c WinHttpReceiveResponse
0x47b030 WinHttpSendRequest
IPHLPAPI.DLL
0x47b038 GetAdaptersInfo
WININET.dll
0x47b040 HttpAddRequestHeadersA
0x47b044 InternetQueryDataAvailable
0x47b048 InternetReadFile
CRYPT32.dll
0x47b050 CryptStringToBinaryA
EAT(Export Address Table) is none
KERNEL32.dll
0x47ae18 CloseHandle
0x47ae1c CompareStringW
0x47ae20 CreateDirectoryW
0x47ae24 CreateFileA
0x47ae28 CreateFileW
0x47ae2c CreateProcessW
0x47ae30 CreateToolhelp32Snapshot
0x47ae34 DecodePointer
0x47ae38 DeleteCriticalSection
0x47ae3c EncodePointer
0x47ae40 EnterCriticalSection
0x47ae44 ExitProcess
0x47ae48 ExpandEnvironmentStringsW
0x47ae4c FindClose
0x47ae50 FindFirstFileExW
0x47ae54 FindNextFileW
0x47ae58 FlushFileBuffers
0x47ae5c FreeEnvironmentStringsW
0x47ae60 FreeLibrary
0x47ae64 GetACP
0x47ae68 GetCPInfo
0x47ae6c GetCommandLineA
0x47ae70 GetCommandLineW
0x47ae74 GetComputerNameExA
0x47ae78 GetComputerNameW
0x47ae7c GetConsoleMode
0x47ae80 GetConsoleOutputCP
0x47ae84 GetCurrentProcess
0x47ae88 GetCurrentProcessId
0x47ae8c GetCurrentThreadId
0x47ae90 GetDriveTypeW
0x47ae94 GetEnvironmentStringsW
0x47ae98 GetFileSizeEx
0x47ae9c GetFileType
0x47aea0 GetLastError
0x47aea4 GetLogicalDrives
0x47aea8 GetModuleFileNameA
0x47aeac GetModuleFileNameW
0x47aeb0 GetModuleHandleA
0x47aeb4 GetModuleHandleExW
0x47aeb8 GetModuleHandleW
0x47aebc GetOEMCP
0x47aec0 GetProcAddress
0x47aec4 GetProcessHeap
0x47aec8 GetStartupInfoW
0x47aecc GetStdHandle
0x47aed0 GetStringTypeW
0x47aed4 GetSystemDefaultLangID
0x47aed8 GetSystemDefaultUILanguage
0x47aedc GetSystemTimeAsFileTime
0x47aee0 GetTimeZoneInformation
0x47aee4 GetUserDefaultLangID
0x47aee8 GetUserDefaultUILanguage
0x47aeec GetVolumeInformationW
0x47aef0 HeapAlloc
0x47aef4 HeapFree
0x47aef8 HeapReAlloc
0x47aefc HeapSize
0x47af00 InitializeCriticalSectionAndSpinCount
0x47af04 InitializeSListHead
0x47af08 IsDebuggerPresent
0x47af0c IsProcessorFeaturePresent
0x47af10 IsValidCodePage
0x47af14 LCMapStringW
0x47af18 LeaveCriticalSection
0x47af1c LoadLibraryA
0x47af20 LoadLibraryExW
0x47af24 LoadLibraryW
0x47af28 MultiByteToWideChar
0x47af2c Process32FirstW
0x47af30 Process32NextW
0x47af34 QueryPerformanceCounter
0x47af38 RaiseException
0x47af3c ReadConsoleW
0x47af40 ReadFile
0x47af44 RtlUnwind
0x47af48 SetEndOfFile
0x47af4c SetEnvironmentVariableW
0x47af50 SetFilePointerEx
0x47af54 SetFileTime
0x47af58 SetLastError
0x47af5c SetStdHandle
0x47af60 SetUnhandledExceptionFilter
0x47af64 SystemTimeToFileTime
0x47af68 TerminateProcess
0x47af6c TlsAlloc
0x47af70 TlsFree
0x47af74 TlsGetValue
0x47af78 TlsSetValue
0x47af7c TzSpecificLocalTimeToSystemTime
0x47af80 UnhandledExceptionFilter
0x47af84 WideCharToMultiByte
0x47af88 WinExec
0x47af8c WriteConsoleW
0x47af90 WriteFile
0x47af94 lstrcatW
0x47af98 lstrcmpW
0x47af9c lstrcmpiW
0x47afa0 lstrlenW
USER32.dll
0x47afa8 EnumDisplayDevicesA
0x47afac GetDC
0x47afb0 GetDesktopWindow
0x47afb4 GetSystemMetrics
0x47afb8 ReleaseDC
0x47afbc SystemParametersInfoW
0x47afc0 wsprintfW
ADVAPI32.dll
0x47afc8 GetCurrentHwProfileW
0x47afcc RegCloseKey
0x47afd0 RegEnumKeyExW
0x47afd4 RegOpenKeyExW
0x47afd8 RegQueryValueExW
GDI32.dll
0x47afe0 BitBlt
0x47afe4 CreateCompatibleBitmap
0x47afe8 CreateCompatibleDC
0x47afec CreateDCW
0x47aff0 DeleteDC
0x47aff4 DeleteObject
0x47aff8 GetDIBits
0x47affc GetObjectW
0x47b000 SelectObject
SHLWAPI.dll
0x47b008 PathFileExistsW
WINHTTP.dll
0x47b010 WinHttpCloseHandle
0x47b014 WinHttpConnect
0x47b018 WinHttpCrackUrl
0x47b01c WinHttpOpen
0x47b020 WinHttpOpenRequest
0x47b024 WinHttpQueryDataAvailable
0x47b028 WinHttpReadData
0x47b02c WinHttpReceiveResponse
0x47b030 WinHttpSendRequest
IPHLPAPI.DLL
0x47b038 GetAdaptersInfo
WININET.dll
0x47b040 HttpAddRequestHeadersA
0x47b044 InternetQueryDataAvailable
0x47b048 InternetReadFile
CRYPT32.dll
0x47b050 CryptStringToBinaryA
EAT(Export Address Table) is none