3959fe5de4dde7c95270ee277fc79b1119d5d0397df32fd5629406fd00a4afc6

Submit
Reports

Overview

overview

Static

static

Payload/Ca...ts.pdf

windows7-x64

Payload/Ca...ts.pdf

windows10-2004-x64

Payload/Ca...ts.pdf

windows7-x64

Payload/Ca...ts.pdf

windows10-2004-x64

Payload/Ca...ts.pdf

windows7-x64

Payload/Ca...ts.pdf

windows10-2004-x64

Payload/Ca...ts.pdf

windows7-x64

Payload/Ca...ts.pdf

windows10-2004-x64

Payload/Ca...ts.pdf

windows7-x64

Payload/Ca...ts.pdf

windows10-2004-x64

Payload/Ca...ts.pdf

windows7-x64

Payload/Ca...ts.pdf

windows10-2004-x64

Payload/Ca...ts.pdf

windows7-x64

Payload/Ca...ts.pdf

windows10-2004-x64

Payload/Ca...ts.pdf

windows7-x64

Payload/Ca...ts.pdf

windows10-2004-x64

Payload/Ca...ts.pdf

windows7-x64

Payload/Ca...ts.pdf

windows10-2004-x64

Payload/Ca...ts.pdf

windows7-x64

Payload/Ca...ts.pdf

windows10-2004-x64

Payload/Ca...ts.pdf

windows7-x64

Payload/Ca...ts.pdf

windows10-2004-x64

Payload/Ca...ts.pdf

windows7-x64

Payload/Ca...ts.pdf

windows10-2004-x64

Payload/Cash.app/Cash

macos-10.15-amd64

Payload/Ca...ts.pdf

windows7-x64

Payload/Ca...ts.pdf

windows10-2004-x64

Payload/Ca...ts.pdf

windows7-x64

Payload/Ca...ts.pdf

windows10-2004-x64

Payload/Ca...ts.pdf

windows7-x64

Payload/Ca...ts.pdf

windows10-2004-x64

Payload/Ca...ts.pdf

windows7-x64

Analysis

max time kernel
99s
max time network
30s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-03-2024 12:36

Sharing

Copy URL

Twitter E-mail

Static task

static1

pdf evasion

1 signatures

Behavioral task

behavioral1

Sample

Payload/Cash.app/ActivityHomeResources.bundle/Assets.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

Payload/Cash.app/ActivityHomeResources.bundle/Assets.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral3

Sample

Payload/Cash.app/AdyenCard.bundle/Assets.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral4

Sample

Payload/Cash.app/AdyenCard.bundle/Assets.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral5

Sample

Payload/Cash.app/AfterPayAccountManagementUIResources.bundle/Assets.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral6

Sample

Payload/Cash.app/AfterPayAccountManagementUIResources.bundle/Assets.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral7

Sample

Payload/Cash.app/AmountEntryResources.bundle/Assets.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral8

Sample

Payload/Cash.app/AmountEntryResources.bundle/Assets.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral9

Sample

Payload/Cash.app/AppMessageUIResources.bundle/Assets.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral10

Sample

Payload/Cash.app/AppMessageUIResources.bundle/Assets.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral11

Sample

Payload/Cash.app/AppPodResources.bundle/Assets.pdf

Resource

win7-20240220-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral12

Sample

Payload/Cash.app/AppPodResources.bundle/Assets.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral13

Sample

Payload/Cash.app/ApplePayUIResources.bundle/Assets.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral14

Sample

Payload/Cash.app/ApplePayUIResources.bundle/Assets.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral15

Sample

Payload/Cash.app/BankingResources.bundle/Assets.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral16

Sample

Payload/Cash.app/BankingResources.bundle/Assets.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral17

Sample

Payload/Cash.app/BasicViewControllersResources.bundle/Assets.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral18

Sample

Payload/Cash.app/BasicViewControllersResources.bundle/Assets.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral19

Sample

Payload/Cash.app/BoostUIResources.bundle/Assets.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral20

Sample

Payload/Cash.app/BoostUIResources.bundle/Assets.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral21

Sample

Payload/Cash.app/CardSchemeResources.bundle/Assets.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral22

Sample

Payload/Cash.app/CardSchemeResources.bundle/Assets.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral23

Sample

Payload/Cash.app/CardStudioResources.bundle/Assets.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral24

Sample

Payload/Cash.app/CardStudioResources.bundle/Assets.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral25

Sample

Payload/Cash.app/Cash

Resource

macos-20240214-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral26

Sample

Payload/Cash.app/ContactsPermissionUIResources.bundle/Assets.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral27

Sample

Payload/Cash.app/ContactsPermissionUIResources.bundle/Assets.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral28

Sample

Payload/Cash.app/CryptoUIResources.bundle/Assets.pdf

Resource

win7-20240215-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral29

Sample

Payload/Cash.app/CryptoUIResources.bundle/Assets.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral30

Sample

Payload/Cash.app/CustomerProfileResources.bundle/Assets.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral31

Sample

Payload/Cash.app/CustomerProfileResources.bundle/Assets.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral32

Sample

Payload/Cash.app/DeviceManagerResources.bundle/Assets.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Report Analysis Logs

General

Target

Payload/Cash.app/CardStudioResources.bundle/Assets.pdf
Size

136KB
MD5

73659a95b997d486f0f7a97ff564382f
SHA1

7dfc49050d8dad483b913799ffd9454aa377270b
SHA256

318b59c0a9655db2edcabe9e3d22901fb20514caf56ccaa40ef690d7226ac133
SHA512

4ac022aab36880fd660044014dc22210239c3ef7d4fdb8a38e5f39f9cea8d11a10bc0d81b43cd2d79b3065eb3f003bd76f1d5de4aaa1920f9678435d17034a44
SSDEEP

1536:ekwhRcSQbhDDx4P7XqMGay1is9aKGPLdKG6qeS7N2QW00:eONtoqwlPLcikQ0

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2088	AcroRd32.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2088	AcroRd32.exe
2088	AcroRd32.exe

Processes

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Payload\Cash.app\CardStudioResources.bundle\Assets.pdf"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
a739a57b83b004a82bda4a588142b06b

SHA1
749e004337f26f38a18cbdadbe8ec93bb02fcbf2

SHA256
7f923234945d05d6c62b5c3eb365108372ddbd31750e04530a3f5c2cfaa86757

SHA512
a7cef43a50741c28c5139ff14d653f017396d7fa1cb9c18550b162665744c4f89bce56ad6500c3822f61ea358b9f4990a93559aa7c29de7b2c52f988cc15010f

Download Submit