3959fe5de4dde7c95270ee277fc79b1119d5d0397df32fd5629406fd00a4afc6

Submit
Reports

Overview

overview

Static

static

Payload/Ca...ts.pdf

windows7-x64

Payload/Ca...ts.pdf

windows10-2004-x64

Payload/Ca...ts.pdf

windows7-x64

Payload/Ca...ts.pdf

windows10-2004-x64

Payload/Ca...ts.pdf

windows7-x64

Payload/Ca...ts.pdf

windows10-2004-x64

Payload/Ca...ts.pdf

windows7-x64

Payload/Ca...ts.pdf

windows10-2004-x64

Payload/Ca...ts.pdf

windows7-x64

Payload/Ca...ts.pdf

windows10-2004-x64

Payload/Ca...ts.pdf

windows7-x64

Payload/Ca...ts.pdf

windows10-2004-x64

Payload/Ca...ts.pdf

windows7-x64

Payload/Ca...ts.pdf

windows10-2004-x64

Payload/Ca...ts.pdf

windows7-x64

Payload/Ca...ts.pdf

windows10-2004-x64

Payload/Ca...ts.pdf

windows7-x64

Payload/Ca...ts.pdf

windows10-2004-x64

Payload/Ca...ts.pdf

windows7-x64

Payload/Ca...ts.pdf

windows10-2004-x64

Payload/Ca...ts.pdf

windows7-x64

Payload/Ca...ts.pdf

windows10-2004-x64

Payload/Ca...ts.pdf

windows7-x64

Payload/Ca...ts.pdf

windows10-2004-x64

Payload/Cash.app/Cash

macos-10.15-amd64

Payload/Ca...ts.pdf

windows7-x64

Payload/Ca...ts.pdf

windows10-2004-x64

Payload/Ca...ts.pdf

windows7-x64

Payload/Ca...ts.pdf

windows10-2004-x64

Payload/Ca...ts.pdf

windows7-x64

Payload/Ca...ts.pdf

windows10-2004-x64

Payload/Ca...ts.pdf

windows7-x64

Analysis

max time kernel
122s
max time network
147s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/03/2024, 12:36

Sharing

Copy URL

Twitter E-mail

Static task

static1

pdf evasion

1 signatures

Behavioral task

behavioral1

Sample

Payload/Cash.app/ActivityHomeResources.bundle/Assets.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

Payload/Cash.app/ActivityHomeResources.bundle/Assets.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral3

Sample

Payload/Cash.app/AdyenCard.bundle/Assets.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral4

Sample

Payload/Cash.app/AdyenCard.bundle/Assets.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral5

Sample

Payload/Cash.app/AfterPayAccountManagementUIResources.bundle/Assets.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral6

Sample

Payload/Cash.app/AfterPayAccountManagementUIResources.bundle/Assets.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral7

Sample

Payload/Cash.app/AmountEntryResources.bundle/Assets.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral8

Sample

Payload/Cash.app/AmountEntryResources.bundle/Assets.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral9

Sample

Payload/Cash.app/AppMessageUIResources.bundle/Assets.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral10

Sample

Payload/Cash.app/AppMessageUIResources.bundle/Assets.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral11

Sample

Payload/Cash.app/AppPodResources.bundle/Assets.pdf

Resource

win7-20240220-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral12

Sample

Payload/Cash.app/AppPodResources.bundle/Assets.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral13

Sample

Payload/Cash.app/ApplePayUIResources.bundle/Assets.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral14

Sample

Payload/Cash.app/ApplePayUIResources.bundle/Assets.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral15

Sample

Payload/Cash.app/BankingResources.bundle/Assets.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral16

Sample

Payload/Cash.app/BankingResources.bundle/Assets.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral17

Sample

Payload/Cash.app/BasicViewControllersResources.bundle/Assets.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral18

Sample

Payload/Cash.app/BasicViewControllersResources.bundle/Assets.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral19

Sample

Payload/Cash.app/BoostUIResources.bundle/Assets.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral20

Sample

Payload/Cash.app/BoostUIResources.bundle/Assets.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral21

Sample

Payload/Cash.app/CardSchemeResources.bundle/Assets.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral22

Sample

Payload/Cash.app/CardSchemeResources.bundle/Assets.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral23

Sample

Payload/Cash.app/CardStudioResources.bundle/Assets.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral24

Sample

Payload/Cash.app/CardStudioResources.bundle/Assets.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral25

Sample

Payload/Cash.app/Cash

Resource

macos-20240214-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral26

Sample

Payload/Cash.app/ContactsPermissionUIResources.bundle/Assets.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral27

Sample

Payload/Cash.app/ContactsPermissionUIResources.bundle/Assets.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral28

Sample

Payload/Cash.app/CryptoUIResources.bundle/Assets.pdf

Resource

win7-20240215-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral29

Sample

Payload/Cash.app/CryptoUIResources.bundle/Assets.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral30

Sample

Payload/Cash.app/CustomerProfileResources.bundle/Assets.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral31

Sample

Payload/Cash.app/CustomerProfileResources.bundle/Assets.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral32

Sample

Payload/Cash.app/DeviceManagerResources.bundle/Assets.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Report Analysis Logs

General

Target

Payload/Cash.app/BankingResources.bundle/Assets.pdf
Size

32KB
MD5

6597c9ca4c668b9659070f3f395ef612
SHA1

47970abacebee8539a98cb4540998168cd63a039
SHA256

c667fdb30806daa575e58b15092a0f2c8fef284d78c3a92e1a9c2ac10a6faa67
SHA512

2777a95f6b9974837aea46fd17978e0f6077bd70b517d46bfbb909844369f8091f3978ab3d63d22c9dcfb57d3f303ebbca3c4d26492a6ff36022f298df422ae8
SSDEEP

192:Ww8OUgJtpV/DYaomgRSfbTdpvcb7A1yiMZdCM9iWL5Vwq5w:WwhN7/DYwlpvcbUgZEEiWL5Vwt

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2896	AcroRd32.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2896	AcroRd32.exe
2896	AcroRd32.exe

Processes

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Payload\Cash.app\BankingResources.bundle\Assets.pdf"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
193b5bca5717dd31f1cc884c98aca5e1

SHA1
155095022e771cad6d1d69b1831885ad69f53a88

SHA256
538ce8d45d448bf1d125f57e7ed1ed2e66d6b3ad1d969e58b3e28b15e22f233a

SHA512
a7a6dd70a492eab95b8863cbbe8fb599930e182d6e2920fa662217addff912cae4c6b791855fd0b3d2fd548c0a723268dc084e35eb3727c6db5f8aa52b2947ae

Download Submit