Overview

overview

10

Static

static

4

HowToBeatP...ci.pdf

windows7-x64

1

HowToBeatP...ci.pdf

windows10-2004-x64

1

NEW PAYPAL...14.pdf

windows7-x64

1

NEW PAYPAL...14.pdf

windows10-2004-x64

1

PolishPaypal.pdf

windows7-x64

1

PolishPaypal.pdf

windows10-2004-x64

1

Profiting ...i.html

windows7-x64

1

Profiting ...i.html

windows10-2004-x64

1

ScrewPaypal.pdf

windows7-x64

1

ScrewPaypal.pdf

windows10-2004-x64

1

StealthPaypal.pdf

windows7-x64

1

StealthPaypal.pdf

windows10-2004-x64

1

The Ultima...de.pdf

windows7-x64

1

The Ultima...de.pdf

windows10-2004-x64

1

Unlimited ...ut.pdf

windows7-x64

1

Unlimited ...ut.pdf

windows10-2004-x64

1

Yasuo.Payp....5.lnk

windows7-x64

10

Yasuo.Payp....5.lnk

windows10-2004-x64

10

files/Yasu....5.exe

windows7-x64

10

files/Yasu....5.exe

windows10-2004-x64

10

paypal stealth.pdf

windows7-x64

1

paypal stealth.pdf

windows10-2004-x64

1

Resubmissions

19-07-2024 13:39

240719-qx588sxcnf 10

07-06-2024 19:08

240607-xs7d3acc41 10

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    07-06-2024 19:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PolishPaypal.pdf

  • Size

    40KB

  • MD5

    8ccd0910daa227a0333e7198aa698a8e

  • SHA1

    0232b99524d17c26fa09bfa2230f5fb7aadf433a

  • SHA256

    1913f5048d667984b35b89f695b26e52d398034d222736c1d0d5120a9f8431c6

  • SHA512

    a9286c7d1211992f81cd88bd5f33142f6beea2e71cd311cdd52878e84900f6476c2254879a56f3da5e69992e63d9cc73b4a74c72657e271e63269efdc69eff71

  • SSDEEP

    768:TN/EfO0OMYgixR0HsWlLox4Vk4PBO6tRckYl0HPfmd1a4dtkRgmT2nMDzssdvJfd:VE5QgUyxYGr5xRckYl0HP+dQgs2n+Rl

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\PolishPaypal.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:1684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    325136d24383076aef44e8794761d3d2

    SHA1

    a29d3d66388b1d1e78319e6752b1e8fcbb452242

    SHA256

    a177baf496082f191bdd91e7f107b03a2407a9b23ff5ee681ccb3ced6fba3976

    SHA512

    7693b6954b2abe65c9ecf62c114787f7f23deaa4bb7529b12f5c345dcd12791b3a1f6460c2a09ca115efdf61dd752c3060a82dcc19d31c8b79da6a3382a59af3

    Download Submit