826e787cd4449d9814fa273d34c701390baa7deff4d472c9e6487170e8567d1e

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
06-12-2024 06:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

lummastealer.7z
Size

20.9MB
MD5

df9957243afdd11725b5f7e454b179aa
SHA1

bd856ebe241d3f0514b16d0a7fa1c9ab0cd47f53
SHA256

826e787cd4449d9814fa273d34c701390baa7deff4d472c9e6487170e8567d1e
SHA512

1e755334095fc60a1f3f5185a102e55cef32e8a096097e5ed0a991d97137f159d782ac2b8e541351a8e79686f2dc23a7ba6de8b1389174059f6f4f1a86000885
SSDEEP

393216:2Yvlm/SBCPubqLpP/iFAC+DyGNu9jIjGjlFb43369OBR2u8es7mdNYq4MXqfamrs:k6B2uuLpiVJkSjbH4euZs7mbqwf

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1768	Setup.exe

Loads dropped DLL 5 IoCs

pid	Process
1768	Setup.exe
1768	Setup.exe
1768	Setup.exe
1768	Setup.exe
1768	Setup.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1768	Setup.exe
1768	Setup.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
956	7zFM.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	956	7zFM.exe
Token: 35	956	7zFM.exe
Token: SeSecurityPrivilege	956	7zFM.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
956	7zFM.exe
956	7zFM.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\lummastealer.7z"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:956

C:\Users\Admin\Desktop\lummastealer\Setup.exe
"C:\Users\Admin\Desktop\lummastealer\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\lummastealer\ElbyCDIO.dll

Filesize
10.0MB

MD5
480632d4f827ff83a62b2d11def0a8b0

SHA1
2be22b2f102eaa760c5ce055c7aad84ab749ce6d

SHA256
4bd463ee8d69f9ac3defa5be9cd0ea2a4530dc6148da159940c10999748d9a55

SHA512
8d06ee88c08f30618c2a646e47de758a58159e9a64d36458c56097aad25088f732fd0a83cb0517515eb5b892053e71627c33f227cce9f8b8ae9b762d557f9776

Download Submit
C:\Users\Admin\Desktop\lummastealer\ElbyVCD.dll

Filesize
130KB

MD5
f189cc7f7c13a42480d9b58504156c28

SHA1
2526566ce83ad4d7678ac75167c16913b9248530

SHA256
11a37192b44942fa6b1238f3b7b27fddc35bdf638747425b474109d08c947fd0

SHA512
da7fe55a30117196404545dd86a640ad42dc1a0e78d912a8629fe50caa947b0ec08935d82d9e3f8089c76bff89f20acdb148a212bb299a584205a752ae2ce63a

Download Submit
C:\Users\Admin\Desktop\lummastealer\Setup.exe

Filesize
86KB

MD5
3bd79a1f6d2ea0fddea3f8914b2a6a0c

SHA1
3ea3f44f81b3501e652b448a7dc33a8ee739772e

SHA256
332e6806eff846a2e6d0dc04a70d3503855dabfa83e6ec27f37e2d9103e80e51

SHA512
7bbb3f3af90443803f7689c973a64f894fb48bd744ab0c70af7dfa7c763354dc6f67a7fbb7053d38b0c6611b0aaa532e73eb2579c1445b8a31c573f8bf972a67

Download Submit
C:\Users\Admin\Desktop\lummastealer\dxukuss

Filesize
2.4MB

MD5
5c73f8ec5f4f05e458a05bb23c8e8321

SHA1
e05c2a197d915ecb0ddf10c2beebd607cc9b1b86

SHA256
9cef91c5c100b6b616330df4763bc428fe3dd535e0efbd8c3311500fcac7d04f

SHA512
8bf825f773307daeccff21d555f5e09a8a4406c52b95b1886151ed172dcfa8af374667819e570ab658e7706b75a4e8c803cf5ab2271a839f57d895e681e8c1aa

Download Submit
C:\Users\Admin\Desktop\lummastealer\mold

Filesize
51KB

MD5
14e7d17cc0ae65fe4064e8bc82b79899

SHA1
b97356f114b70ae7e271903883e3bf32240c2097

SHA256
de027d07419afdded302c691560f44f897fdae4ddb8bb27d75871d25b842ba15

SHA512
5ac60f6db33e9915aab4bd5da3d18adc8dd7034e0b6ff5ff696305ff688f4d9fcc39c7c5236355ba082c1916f1989ab82b51dfd02c9742890608c25f33c9ed8b

Download Submit
memory/1768-191-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/1768-189-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/1768-193-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/1768-194-0x0000000000610000-0x0000000001588000-memory.dmp

Filesize
15.5MB

Download
memory/1768-198-0x0000000076C00000-0x000000007784A000-memory.dmp

Filesize
12.3MB

Download
memory/1768-199-0x0000000077A70000-0x0000000077C19000-memory.dmp

Filesize
1.7MB

Download