cbe7cf9965c2355c0ebd538e23ecc24c6d2a855d95eda0a88729a742745019e0 | Triage

Submit
Reports

Overview

overview

8

Static

static

4

Invoice.pdf

windows10-1703-x64

8

Resubmissions

27-01-2023 20:17

230127-y24vzada68 4

13-09-2022 13:21

220913-qlnj2sffg6 8

Sharing

General

Target

Invoice.pdf
Size

70KB
Sample

220913-qlnj2sffg6
MD5

f62e18cf0ca85ed52d0302ce5a44c6b9
SHA1

e4d3989f1b261176d5a0ae74b852d6419b892732
SHA256

cbe7cf9965c2355c0ebd538e23ecc24c6d2a855d95eda0a88729a742745019e0
SHA512

dc24fe0d13003f77065f9c6215122309e362b5bf8a5cb0622fc5d0033414f0ad79e46c47b841b455d41fa13fc9ab7df8bdab540c0e26c81f846dcba93ea91e7f
SSDEEP

1536:PpMhpOmsxC6raC40llanfc1RXmneRa36wwp0YcNPM4NGo:hsExC6rY0ban01R2nz36wwp0YcNM4Mo

Score

8^/10

discovery link pdf persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Invoice.pdf

Resource

win10-20220901-en

discovery persistence

windows10-1703-x64

21 signatures

300 seconds

Malware Config

Targets

- Target
  
  Invoice.pdf
- Size
  
  70KB
- MD5
  
  f62e18cf0ca85ed52d0302ce5a44c6b9
- SHA1
  
  e4d3989f1b261176d5a0ae74b852d6419b892732
- SHA256
  
  cbe7cf9965c2355c0ebd538e23ecc24c6d2a855d95eda0a88729a742745019e0
- SHA512
  
  dc24fe0d13003f77065f9c6215122309e362b5bf8a5cb0622fc5d0033414f0ad79e46c47b841b455d41fa13fc9ab7df8bdab540c0e26c81f846dcba93ea91e7f
- SSDEEP
  
  1536:PpMhpOmsxC6raC40llanfc1RXmneRa36wwp0YcNPM4NGo:hsExC6rY0ban01R2nz36wwp0YcNM4Mo
Score

8^/10

discovery persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

© 2018-2024

Terms | Privacy