826e787cd4449d9814fa273d34c701390baa7deff4d472c9e6487170e8567d1e

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
06-12-2024 06:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

lummastealer/Data/Media/R-data.pdf
Size

391KB
MD5

4914945ae5b3ef54b8940d02c364e4c8
SHA1

32fbdf74a8957aee2f07d1a3c346e6fce45eb2f8
SHA256

0b0a67c922342dfbfacefa6e2f9fdd8b15ea79f8cb10f45de72dd3c40d0a537b
SHA512

1b54d686ef91171b3c0f554019d478d20983c07255f094ace19f84ff2e6ac933f60aed651a713d8012727b04b7f9e4044ecca294fdf8c429b4ac56746467e3be
SSDEEP

6144:7Y9eLt16cqXNF9M6W6D+HF0BlpV8d3GdRFHzdZOtCEJhxnVm:7YGLF8F9M6W6DR63IzdZMm

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2632	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2632	AcroRd32.exe
2632	AcroRd32.exe
2632	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\lummastealer\Data\Media\R-data.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
ace3db0ada22043cb70620e0e747ba5a

SHA1
0927c9bdb6e8d3a43ba844e07f23e0284b168a61

SHA256
e81c2ae732ab68b3727b740fb4a602f5a5e9d1efdc9549451ee96b222c965b65

SHA512
ee8a4f247ddbfa2eeac7cad7998dd5bfb1cfba40d9757656a731c747202bb4eccd7931efc20f8475d6acb2005292199cdad19fed00442e24faf39fcaf0f68294

Download Submit