826e787cd4449d9814fa273d34c701390baa7deff4d472c9e6487170e8567d1e

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
06-12-2024 06:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

lummastealer/Data/Media/R-exts.pdf
Size

1.4MB
MD5

6ea8704939c2c332a97db8fb0a2195f6
SHA1

faeb7c0f79be70006a6e3921efca3d6f2b4eafea
SHA256

98ff89550637046703c14bf824652aa26fe5466e91ed418c3a69dd3e4f235297
SHA512

c9599c64aaab06d2233f802f0c15735c3f59328a8fcc8d261b6c587e82134ca44004da042f088a926ba228342d3af915566e6bd0b184090ff34e7045f8238d95
SSDEEP

12288:4g4uUhjUsCn2qpnqSK91KP/VwxATXN7e4r4htlLURwC1JxeI0rVkejNfDWdRXlTA:4nVUsOpK9Ly7lrEbQF0rVhfDWdxlYH

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
776	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
776	AcroRd32.exe
776	AcroRd32.exe
776	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\lummastealer\Data\Media\R-exts.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
3ab1967552fa3b344f83eb051580272a

SHA1
0876106d49b2ef594210b3d423cab534c1ba9a53

SHA256
56037850fb17cbb47bab8549c5a183917e490357ce4bf9fd44949de23735b988

SHA512
f7cea302e07e1909fe9653160b6a291db47ab24d83197ae2220c7bcc81f2088423f44db8d3be931cabaee6f0db1ebc0016610c8de8d6090cecdc906b8329a164

Download Submit