Try VMRay Platform
Malicious
Classifications

Spyware Injector

Threat Names

Lumma C2/Generic-A

Dynamic Analysis Report

Created on 2024-08-26T02:49:01+00:00

x86_64-w64-ranlib.exe

Windows Exe (x86-32)
...

Remarks (1/1)

(0x02000008): One or more processes crashed during the analysis. Analysis results may be incomplete.

Filters:
File Name Category Type Verdict Actions
C:\Users\RDhJ0CNFevzX\Desktop\x86_64-w64-ranlib.exe Sample File Binary
Malicious
...
»
MIME Type application/vnd.microsoft.portable-executable
File Size 285.50 KB
MD5 b58fe0a5a58266e2d16703e7725a6f77 Copy to Clipboard
SHA1 bbdfd57437aa760246c6cbfa7a97405344347633 Copy to Clipboard
SHA256 b127de888f09ce23937c12b7fccfa47a8f48312b0e43eb59b6243f665c6d366a Copy to Clipboard
SSDeep 6144:Isdo9ECUGu9ATbtJ1XN1c4KNvqhsoEG8X+UsO5XNQ:EzNu9ATb35Lhkvqhazs4 Copy to Clipboard
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744 Copy to Clipboard
PE Information
»
Image Base 0x00400000
Entry Point 0x00448B7E
Size Of Code 0x00046C00
Size Of Initialized Data 0x00000800
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2024-08-25 23:49 (UTC)
Version Information (10)
»
Comments Dauntless Lanthorn Sittings
CompanyName LovingDev
FileDescription Tricker
FileVersion 1.0.0.0
InternalName VQP.exe
LegalCopyright Copyright 2024
OriginalFilename VQP.exe
ProductName Lilly Hyperextended
ProductVersion 1.0.0.0
Assembly Version 1.0.0.0
Sections (3)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00402000 0x00046B84 0x00046C00 0x00000200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.99
.rsrc 0x0044A000 0x000005B8 0x00000600 0x00046E00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.11
.reloc 0x0044C000 0x0000000C 0x00000200 0x00047400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.1
Imports (1)
»
mscoree.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain - 0x00402000 0x00048B50 0x00046D50 0x00000000
Memory Dumps (3)
»
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
x86_64-w64-ranlib.exe 1 0x00C20000 0x00C6DFFF Relevant Image False 32-bit - False
...
buffer 1 0x02502F78 0x02503423 First Execution False 32-bit 0x02503100 False
...
x86_64-w64-ranlib.exe 1 0x00C20000 0x00C6DFFF Process Termination False 32-bit - False
...
4f212d4d07b1834b07742dc5a470df380ad460baf140b4d1f70c6fcfb736d1c0 Downloaded File Text
Clean
...
»
MIME Type text/plain
File Size 16.53 KB
MD5 77ed250c5fcd6a1c38f90e1559dba264 Copy to Clipboard
SHA1 fcfe96139a122091fa52eb340fa91e236ab21bf8 Copy to Clipboard
SHA256 4f212d4d07b1834b07742dc5a470df380ad460baf140b4d1f70c6fcfb736d1c0 Copy to Clipboard
SSDeep 384:x3sETdQmAxgJpZ96u4qOEIfW2UUttLk3jLrrXdUOXFTm3r33:x7+qR48HNUOXFTm373 Copy to Clipboard
ImpHash -
1f2962d78a411f75fd8c2aedabddfd1ac37c339024a6f73f6e64c9cb5adcf3b3 Downloaded File Stream
Clean
...
»
MIME Type application/octet-stream
File Size 1.53 KB
MD5 3697ae21ceb38b563c533705582da399 Copy to Clipboard
SHA1 f0356dfdbe78d0de90247a5b9b456aa30ca84f03 Copy to Clipboard
SHA256 1f2962d78a411f75fd8c2aedabddfd1ac37c339024a6f73f6e64c9cb5adcf3b3 Copy to Clipboard
SSDeep 24:O2mVjnd3p+XtTvMZanOnGso7B+R9nSqJxisSbgqHCzt:lAjhiTvwU7B+RlSq3itAx Copy to Clipboard
ImpHash -
8cd3392a1026d539aabb593384c0870ad8a0f458b4c09c47e75bd0214173dabb Downloaded File Text
Clean
...
»
MIME Type text/plain
File Size 85 Bytes
MD5 ffc0a8d6fcc5b008d139e871cb79b3ad Copy to Clipboard
SHA1 95a6ae428fa68242a97bf57ca384b035ea76a78e Copy to Clipboard
SHA256 8cd3392a1026d539aabb593384c0870ad8a0f458b4c09c47e75bd0214173dabb Copy to Clipboard
SSDeep 3:vRYR69RrJMbjZwQGvlRsjlemVgm6Rn:JYR8Rt4yQgKZemVgmm Copy to Clipboard
ImpHash -
295a13ddca7d490d43244c4b9f92cfd21a5be55e8bea7be23cc012a78c98f753 Downloaded File Text
Clean
...
»
MIME Type text/plain
File Size 50 Bytes
MD5 0328451f93b154483761fb31d19611ed Copy to Clipboard
SHA1 794e9696013fdcc51f6b4bbb8abaad2615570e27 Copy to Clipboard
SHA256 295a13ddca7d490d43244c4b9f92cfd21a5be55e8bea7be23cc012a78c98f753 Copy to Clipboard
SSDeep 3:vR/M6ECJMbjZwQg:Jk84yQg Copy to Clipboard
ImpHash -
1b5251cef34082837bd0e2e1b0ed05c1704a6e5dcb474ca02f926b50efa8502e Downloaded File Text
Clean
...
»
MIME Type text/plain
File Size 48 Bytes
MD5 4dbe461c6a4bb495429a5c258df6f9a3 Copy to Clipboard
SHA1 317e82e629004c2d0229fd9ed89df1df5ae0751e Copy to Clipboard
SHA256 1b5251cef34082837bd0e2e1b0ed05c1704a6e5dcb474ca02f926b50efa8502e Copy to Clipboard
SSDeep 3:ejDMWKikWRy9U+s0MQltbY:SXM6y9vMQlt8 Copy to Clipboard
ImpHash -
04339c5b1cd2339b03ffd50bc302c17f6c3ea7a39abbe96dd4ea5ad6d9796764 Downloaded File Text
Clean
...
»
MIME Type text/plain
File Size 8 Bytes
MD5 faf57b74d4f3a37d109433c62e0d0fbd Copy to Clipboard
SHA1 b844716b8f45b1069bb05a63c94df160aeb7bfba Copy to Clipboard
SHA256 04339c5b1cd2339b03ffd50bc302c17f6c3ea7a39abbe96dd4ea5ad6d9796764 Copy to Clipboard
SSDeep 3:vRFc:Je Copy to Clipboard
ImpHash -
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df Downloaded File Text
Clean
Known to be clean.
...
»
MIME Type text/plain
File Size 2 Bytes
MD5 444bcb3a3fcf8389296c49467f27e1d6 Copy to Clipboard
SHA1 7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb Copy to Clipboard
SHA256 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df Copy to Clipboard
SSDeep 3:V:V Copy to Clipboard
ImpHash -
File Reputation Information
»
Verdict
Clean
Known to be clean.
VMRay - Analyzer - www.vmray.com
Legal Note - Privacy Policy
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\". 


    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    

     Exit-Icon
    

    

     

      WHOIS Domain Information
     

     

      

       
        Domain Name
       
       
       
      

      

       
        WHOIS Response
       
       
        

       		
      

     

    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image