792af0ae76d8b98b0f353e6f8dde0711f98268af2a650f540a009adcd3fb3640 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

Purchase O...12.pdf

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

Purchase Order #2412.pdf
Size

12KB
Sample

230508-p8pj7ace4s
MD5

932bccca6af825e88ffc79f0000d28ba
SHA1

59e41d94665591be5b17801bed1c6b47dc286b30
SHA256

792af0ae76d8b98b0f353e6f8dde0711f98268af2a650f540a009adcd3fb3640
SHA512

6332ec3488402cdc0bd65529fc194deea1f5121f01d405e50d9e3a8123507aa19ca6018588e66131ad4c308862d3cad2785a6639195aa1e95b45fd2798bd5c50
SSDEEP

192:Vl2GXtBMUFeS5aakOxMLuXTVN1KFkaklvrZ+vtufiejG+4Lb693G:L2GXtBMUMvJbLuZNEFkDzWWiejv4LbiG

Score

8^/10

collection link pdf

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Purchase Order #2412.pdf

Resource

win10v2004-20230220-en

windows10-2004-x64

27 signatures

150 seconds

Malware Config

Targets

- Target
  
  Purchase Order #2412.pdf
- Size
  
  12KB
- MD5
  
  932bccca6af825e88ffc79f0000d28ba
- SHA1
  
  59e41d94665591be5b17801bed1c6b47dc286b30
- SHA256
  
  792af0ae76d8b98b0f353e6f8dde0711f98268af2a650f540a009adcd3fb3640
- SHA512
  
  6332ec3488402cdc0bd65529fc194deea1f5121f01d405e50d9e3a8123507aa19ca6018588e66131ad4c308862d3cad2785a6639195aa1e95b45fd2798bd5c50
- SSDEEP
  
  192:Vl2GXtBMUFeS5aakOxMLuXTVN1KFkaklvrZ+vtufiejG+4Lb693G:L2GXtBMUMvJbLuZNEFkDzWWiejv4LbiG
Score

8^/10

collection
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy