826e787cd4449d9814fa273d34c701390baa7deff4d472c9e6487170e8567d1e

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06-12-2024 06:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

lummastealer/Data/Media/compete.pdf
Size

288KB
MD5

04b4784201699e30830a56fd900000ca
SHA1

6036b4730837e180cbab31552045642dd54cb8c7
SHA256

4569778d4d10719964e067f502e949a64243e13ea45c89e1c69a89d038613dda
SHA512

84c7ec38722032c027b3f73bd815d61f61138365a6e6913f74e0ed4434108009a1d4d352f1c5504fe9830f8dae67b6b8a9939f88a99d87b78fab8c84db6ac3a6
SSDEEP

6144:HKNeMbv5K4Mb8Nn7abZoDtR1K+DW+ss6a637cjUz5Lph:HLMbv5K4MbY7SZoBR1K+DZdJ63IjUzhP

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
796	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
796	AcroRd32.exe
796	AcroRd32.exe
796	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\lummastealer\Data\Media\compete.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
6607931a5120cdb882a7546704afa23b

SHA1
93e75993039b7714edffb6aeac4e276a1779b281

SHA256
024a3cd9ec2480ec576849c9a2e1c24d5c728490cf7d4903448931e3b25bd554

SHA512
e414c4afd65666418bb31b699edb59d6826794f464ba96864975925bbae0e88f88682676e17e925e29038076895f13cd845e42e1b5576707979b68ef7be743f5

Download Submit